Authentication setup

Laravel Restify has the support for a facile authentication with Laravel Sanctum.

Now you can finally enjoy the auth setup (register, login, forgot, and reset password).


Migrate the users, password_resets table (they already exist into a fresh Laravel app).

Install sanctum

See the docs here. You don't need to add \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class, in your 'api' middleware group.

You only have to run these 3 commands:

composer require laravel/sanctum
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
php artisan migrate

Define auth model

Define your authenticatable class in the config file:

// config/restify.php

'auth' => [
   'user_model' => \App\Models\User::class,

The User model should extend the Illuminate\Foundation\Auth\User class or implement the Illuminate\Contracts\Auth\Authenticatable interface.

Make sure you didn't skip adding the \Laravel\Sanctum\HasApiTokens trait to your User model.

// User.php

use Illuminate\Foundation\Auth\User as Authenticatable;
use Laravel\Sanctum\HasApiTokens;

class User extends Authenticatable
    use HasApiTokens;

Define routes

Restify provides you a simple way to add all of your auth routes prepared. Simply add in your routes/api.php:


And voila, now you have auth routes ready to be used.

These are the default routes provided by restify:

POST/api/restify/forgotPasswordforgot password
POST/api/restify/resetPasswordreset password
POST/api/restify/verify/{id}/{emailHash}verify user

The register and login routes are outside the base restify prefix because they don't have to follow the auth middleware defined in the config/restify.php config file.

Export auth controllers

All of these routes are handled by default, so you can just use them facilely. However, you can customize each of them by exporting auth controllers:

php artisan restify:auth

Now you have all the auth controllers and blade email files exported into your project.

Sanctum Middleware

Next, add the auth:sanctum middleware after the api middleware in your config file to protect all the restify's routes:

    'middleware' => [
Edit this page on GitHub Updated at Tue, Jul 26, 2022