At Agira, Technology Simplified, Innovation Delivered, and Empowering Business is what we are passionate about. We always strive to build solutions that boost your productivity.


Create A REST API In Laravel With Authentication Using Passport

  • By Nithin Kumar C N
  • December 27, 2018

APIs will always use tokens to authenticate users. The reason behind this approach is, usually, there is no session state provided between the requests. To avoid this, Laravel introduced Laravel Passport which makes API authentication an easy task by providing a full OAuth2 server implementation for the entire application.
In this tutorial, we are going to discuss about how we can write REST API in Laravel with Passport authentication. As we all know, REST is the most efficient and widely used standard for API creation. Laravel is also evolved as the best supporting platform for creating APIs. Authentication of APIs are very imperial factor for any application so to achieve the high-level authentication Laravel uses a powerful concept called ‘Laravel Passport’.
Let’s see how we can create a REST API in Laravel with authentication using passport,

Create A Fresh Application

Will start with creating a new Laravel application, now run the following command to create the application

composer create-project --prefer-dist laravel/laravel laravel-passport

After that, we have to install Passport package using the following command

composer require laravel / passport

Once the package is installed, we have to update the config/app.php file by adding the following service provider


'providers' =>[

After the successful registration of passport service provider, we have to run migration files. It will add several new tables in the database. To run the migration, use the following command

php artisan migrate

Next is the process of installing a passport in our application. We can use the following command to install a passport.

php artisan passport:install

We need to generate encryption keys to get a secure access token and you can create it by running the above command.
In next step, we have to configure passport. We have to make changes in three files to do the passport configuration.

  1. Add the Laravel\Passport\HasApiTokens trait to the App\User model. It will provide some helper methods to our model, which is helpful for us to check the authenticated user’s token and scopes. 


Best To Read: Top 10 Laravel Blogs You Must Not Miss



namespace App;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
Use Laravel\Passport\HasApiTokens;
class User extends Authenticatable
 use HasApiTokens, Notifiable;
* The attributes that are mass assignable.
* @var array
protected $fillable = [
'name', 'email', 'password',
* The attributes that should be hidden for arrays.
* @var array
protected $hidden = [
'password', 'remember_token',


  1. We have to add the Passport::routes method in the boot method of the AuthServiceProvider. The reason why we are adding it here is, that it will register the necessary routes that are required to issue access and revoke the access tokens.
namespace App\Providers;
use Laravel\Passport\Passport;
use Illuminate\Support\Facades\Gate;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider
    * The policy mappings for the application.
    * @var array
   protected $policies = [
       'App\Model' => 'App\Policies\ModelPolicy',
    * Register any authentication / authorization services.
    * @return void
   public function boot()


  1. Next, in our config/auth.php file, we have to set the driver option from “API authentication guard” to passport. This will enable our application to use the Passport’s token guard at the time of authenticating API requests.
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
'api' => [
'driver' => 'passport',
'provider' => 'users',


Create API Routes 

Next step is to create API routes, Laravel provides api.php file for writing all the web services route which you can find it inside the route directory. 

| API Routes
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "API" middleware group. 
Route::post('login', 'api\UserController@login');
Route::post('signup', 'api\UserController@signup');


Create Controller 

We need to create a controller and some API methods inside the controller.

namespace App\Http\Controllers\API;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\User;
use Illuminate\Support\Facades\Auth;
use Validator;
class UserController extends Controller
   public function login(){
       if(Auth::attempt(['email' => request('email'), 'password' => request('password')])){
           $user = Auth::user();
           $success['token'] =  $user->createToken('LaraPass')-> accessToken;
           return response()->json(['success' => $success], $this-> successStatus);
           return response()->json(['error'=>'Unauthorised'], 401);
   public function signup(Request $request)
           'name' => 'required|string',
           'email' => 'required|string|email|unique:users',
           'password' => 'required|string|confirmed'
       $user = new User([
           'name' => $request->name,
           'email' => $request->email,
           'password' => bcrypt($request->password)
       return response()->json([
           'message' => 'Successfully created user!'
       ], 201);


Related: How To Create A Custom Validation Rule In Laravel


Testing API

We have various client tools to test but here I am preferably using Postman so I have attached the screenshots for your reference below.  And, one thing we have to note down here is that for both signup and login APIs, we have to set the header as below:
Accept: application/json

Sign up

signup-api laravel
Though Laravel’s token system was fine enough—but it wasn’t much secure. But Passport mechanism we have discussed here will provide full OAuth2 server implementation for your Laravel application. I hope this article will give you a clear idea on implementing Laravel Passport API authentication.
[contact-form-7 404 "Not Found"]
Like to read more from Laravel Developers? Don’t miss out to read more from the great minds in the industry!

Contact us today to get free 20 hrs of consulting & proof of concept from experts” 


Nithin Kumar C N

Passionate Senior Software Developer, Expert in PHP, Laravel, JQuery, Angular, With 6 years of experience in web development, he strongly committed himself in delivering authentic applications. Also, he continuously update himself with new technologies & features which drives him to come up with blogs on unique topic.