API Authentication with Sanctum

Laravel Sanctum

Sanctum provides token-based API authentication for SPAs and mobile apps with minimal setup.

Example
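// routes/api.php
use App\Http\Controllers\AuthController;
use App\Http\Controllers\PostController;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

// Public endpoint: exchanges credentials for a token
Route::post("/login", [AuthController::class, "login"]);
// Every route in this group is rejected unless the request authenticates through Sanctum
Route::middleware("auth:sanctum")->group(function () {
    Route::get("/user", fn (Request $req) => $req->user());
    Route::apiResource("posts", PostController::class);
});

// AuthController::login(), after the credentials have been verified and $user loaded
// Sanctum stores only a hash of the token, so the plain-text value is available only here
$token = $user->createToken("app-token", ["posts:read", "posts:write"])->plainTextToken;
return response()->json(["token" => $token]);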
Pro Tip

Sanctum tokens can have abilities (scopes) — use $user->tokenCan("posts:write") to authorise actions.
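
The login step and the ability check described above, written out as an added example (not code from the original page): the controller verifies credentials before issuing a narrowly scoped token, and a write action rejects tokens that lack posts:write. The email/password field names, the Post model's title/body fields, and the one-day expiry are assumptions made for the illustration.

```php
<?php
// Added example, not from the original page. Assumes Sanctum is installed,
// User uses HasApiTokens, and Post allows mass assignment of title/body.
// Shown as one listing; in a project each class lives in its own file.
namespace App\Http\Controllers;

use App\Models\Post;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;

class AuthController extends Controller
{
    public function login(Request $request)
    {
        $data = $request->validate([
            "email" => ["required", "email"],
            "password" => ["required", "string"],
        ]);
        $user = User::where("email", $data["email"])->first();

        // Same error for an unknown user and a wrong password.
        if (! $user || ! Hash::check($data["password"], $user->password)) {
            throw ValidationException::withMessages(["email" => ["Invalid credentials."]]);
        }

        // Read-only token with a one-day expiry. Omitting the abilities
        // argument would default to ["*"], which grants every ability.
        $token = $user->createToken("app-token", ["posts:read"], now()->addDay());

        return response()->json(["token" => $token->plainTextToken]);
    }
}

class PostController extends Controller
{
    public function store(Request $request)
    {
        // The read-only token above fails this check and gets a 403.
        abort_unless($request->user()->tokenCan("posts:write"), 403);

        $data = $request->validate([
            "title" => ["required", "string", "max:255"],
            "body" => ["required", "string"],
        ]);

        return response()->json(Post::create($data), 201);
    }
}
```

For first-party SPA requests authenticated by session cookie rather than a bearer token, tokenCan() always returns true, so ability checks constrain token clients only.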