-
Notifications
You must be signed in to change notification settings - Fork 0
Authentication
Kevin Lee edited this page Feb 12, 2016
·
4 revisions
The current routes configuration is located at app/Http/Routes/index.php
Route::group(['prefix' => 'api/v1'], function () {
//Retrieve or refresh token
Route::post('token', ['uses' => 'UsersController@token', 'middleware' => 'auth']);
//Apply VerifyToken middleware to api
Route::group(['middleware' => 'token'], function () {
Route::resource('users', 'UsersController', ['except' => ['create', 'edit']]);
});
});
To authenticate, a user send a request to the api/v1/token endpoint:
POST https://<URL>/api/v1/token
The header of this POST request must contain the following parameter:
| Header | Value |
|---|---|
| Authorization | Required. Base 64 encoded string that contains the user email and password. The field must have the format: Authorization: Basic <base64 encoded email:password> |
For example:
$ curl -X POST -H "Authorization: Basic ZjM4ZjAw...WY0MzE=" https://<URL>/api/v1/token
{
"access_token": "NgCXRKc...MzYjw",
"token_type": "bearer",
"expires_in": 3600,
}
A user may also refresh their authentication session using the api/v1/token endpoint. They may send a valid access token instead of user credentials.
The header of this POST request must contain the following parameter:
| Header | Value |
|---|---|
| Authorization | Required. The field must have the format: Authorization: Bearer <access_token> |
curl -H "Authorization: Bearer NgCXRKc...MzYjw" https://<URL>/api/v1/users/
{
{
"id" : 1,
"firstname": "Test",
"lastname": "User",
"email": "user@test.com"
}, {
...