Passing Tokens In Requests Introduction By default, Laravel ships with a simple solution to API authentication via a random token assigned to each user of your application. This driver is responsible for inspecting the API token on the incoming request and verifying that it matches the user's assigned token in the database.
Note: While Laravel ships with a simple, token based authentication guard, we strongly recommend you consider using Laravel Passport for robust, production applications that offer API authentication. You should assign these tokens when a User model is created for the user during registration.
If you would like to hash your API tokens using SHA hashing, you may protected token the hash option of your api guard configuration to true.
Instead, you will need to implement your own API token management page within your application. This page should allow users to initialize and refresh their Protected token token.
Therefore, slow hashing methods such as bcrypt are unnecessary. Protecting Routes Laravel includes an authentication guard that will automatically validate API tokens on incoming requests.
We'll discuss each of these approaches while using the Guzzle HTTP library to demonstrate their usage. You may choose any of these approaches based on the needs of your application.
Each of our partners can help you craft a beautiful, well-architected project.