Skip to content

Authentication

Kevin Lee edited this page Feb 12, 2016 · 4 revisions

The current routes configuration is located at app/Http/Routes/index.php

Route::group(['prefix' => 'api/v1'], function () {
    //Retrieve or refresh token
    Route::post('token', ['uses' => 'UsersController@token', 'middleware' => 'auth']);

    //Apply VerifyToken middleware to api
    Route::group(['middleware' => 'token'], function () {
        Route::resource('users', 'UsersController', ['except' => ['create', 'edit']]);
    });
});

Retrieving an access token

To authenticate, a user send a request to the api/v1/token endpoint:

POST https://<URL>/api/v1/token

The header of this POST request must contain the following parameter:

Header Value
Authorization Required. Base 64 encoded string that contains the user email and password. The field must have the format: Authorization: Basic <base64 encoded email:password>

For example:

$ curl -X POST -H "Authorization: Basic ZjM4ZjAw...WY0MzE=" https://<URL>/api/v1/token
  {
     "access_token": "NgCXRKc...MzYjw",
     "token_type": "bearer",
     "expires_in": 3600,
  }

Refreshing an access token

A user may also refresh their authentication session using the api/v1/token endpoint. They may send a valid access token instead of user credentials. The header of this POST request must contain the following parameter:

Header Value
Authorization Required. The field must have the format: Authorization: Bearer <access_token>

Using an access token to access the API

curl -H "Authorization: Bearer NgCXRKc...MzYjw" https://<URL>/api/v1/users/
{
  {
    "id" : 1,
    "firstname": "Test",
    "lastname": "User",
    "email": "user@test.com"
    }, {
...

Clone this wiki locally