This guide is a complete, detailed and properly structured walkthrough for building backend authentication (register, login, logout, and protected API routes) in Laravel 9 using Sanctum with a MySQL database. It is suitable for beginners as well as intermediate developers.
Table of Contents
- Environment Setup
- Install Laravel 9
- Configure the MySQL Database
- Install Laravel Sanctum
- Publish and Migrate Sanctum
- Configure Sanctum Authentication
- Create the Authentication Endpoints (Register, Login, Logout, Me)
- Protect API Routes with Sanctum
- Test the API with Postman
- Tips and Best Practices
- Closing
1. Environment Setup
- Composer: download it from the official Composer site
- PHP: version 8.0 or newer
- MySQL: installed and running
- Postman or another API client (for testing)
- Terminal / Command Prompt
2. Install Laravel 9
Run the following commands in a terminal:
composer create-project laravel/laravel:^9.0 laravel-sanctum-auth
cd laravel-sanctum-auth
3. Configure the MySQL Database
Edit the .env file and adjust the following settings:
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=nama_database
DB_USERNAME=root
DB_PASSWORD=passwordmysql
Create a database in MySQL with the name you set in DB_DATABASE (for example: laravel_sanctum).
4. Install Laravel Sanctum
Run the following command:
composer require laravel/sanctum
5. Publish and Migrate Sanctum
Publish the Sanctum configuration:
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
Then run the migrations (this creates the personal_access_tokens table that Sanctum stores API tokens in):
php artisan migrate
6. Configure Sanctum Authentication
a. Add the Sanctum middleware to the api group in app/Http/Kernel.php:
// app/Http/Kernel.php
protected $middlewareGroups = [
// ...
'api' => [
\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
];
b. Set the API driver settings in .env:
SANCTUM_STATEFUL_DOMAINS=localhost
SESSION_DRIVER=cookie
These two settings only matter for a browser SPA that authenticates with session cookies. For a mobile app or a pure token-based API, it is enough to apply the auth:sanctum middleware to the routes.
7. Create the Authentication Endpoints (Register, Login, Logout, Me)
a. Create the controller
php artisan make:controller AuthController
b. Implement the controller
// app/Http/Controllers/AuthController.php
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use App\Models\User;
use Illuminate\Support\Facades\Hash;
class AuthController extends Controller
{
// REGISTER
public function register(Request $request)
{
$request->validate([
'name' => 'required|string|max:255',
'email' => 'required|string|email|unique:users',
'password' => 'required|string|min:6',
]);
$user = User::create([
'name' => $request->name,
'email' => $request->email,
'password' => Hash::make($request->password),
]);
return response()->json([
'message' => 'User registered successfully!',
'user' => $user
], 201);
}
// LOGIN
public function login(Request $request)
{
$request->validate([
'email' => 'required|email',
'password' => 'required',
]);
$user = User::where('email', $request->email)->first();
if (! $user || ! Hash::check($request->password, $user->password)) {
return response()->json(['message' => 'Invalid credentials'], 401);
}
$token = $user->createToken('auth_token')->plainTextToken;
return response()->json([
'message' => 'Login success!',
'access_token'=> $token,
'token_type' => 'Bearer',
'user' => $user,
]);
}
// LOGOUT
public function logout(Request $request)
{
$request->user()->currentAccessToken()->delete();
return response()->json([
'message' => 'Logged out successfully'
]);
}
// ME - Get current user
public function me(Request $request)
{
return response()->json($request->user());
}
}
c. Add the API routes
// routes/api.php
use App\Http\Controllers\AuthController;
Route::post('/register', [AuthController::class, 'register']);
Route::post('/login', [AuthController::class, 'login']);
Route::middleware('auth:sanctum')->group(function () {
Route::post('/logout', [AuthController::class, 'logout']);
Route::get('/me', [AuthController::class, 'me']);
});
8. Protect API Routes with Sanctum
Example of adding a route that can only be reached by a logged-in user (a request without a valid Bearer token receives HTTP 401):
Route::middleware('auth:sanctum')->get('/profile', function (Request $request) {
return response()->json($request->user());
});
The same pattern works for other resource routes:
// assumes `use App\Http\Controllers\PostController;` at the top of routes/api.php
Route::middleware('auth:sanctum')->group(function () {
Route::get('/posts', [PostController::class, 'index']);
// and so on...
});
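auth:sanctum only answers the question "is this a valid token?". Sanctum can also restrict what a given token is allowed to do through token abilities, which limits the damage if a token issued to one device leaks. The following is an added example and not code from the original tutorial: it assumes the two middleware aliases shown in the comment have been added to $routeMiddleware in app/Http/Kernel.php, and the ability names (posts:read, posts:create, posts:delete), the /tokens endpoint and the placeholder post routes are all chosen for this illustration.

```php
<?php
// routes/api.php (added example). Assumes these aliases in app/Http/Kernel.php $routeMiddleware:
//   'abilities' => \Laravel\Sanctum\Http\Middleware\CheckAbilities::class,      // token needs ALL listed abilities
//   'ability'   => \Laravel\Sanctum\Http\Middleware\CheckForAnyAbility::class,  // token needs ANY listed ability
// Ability names below are placeholders chosen for this example.

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use Illuminate\Validation\Rule;

// Mint a token limited to a subset of abilities for a specific device.
// The caller must already be authenticated (e.g. with the token from /api/login),
// and the requested abilities are validated against a fixed allow-list, so a
// client can never ask for an ability the server does not know about.
Route::middleware('auth:sanctum')->post('/tokens', function (Request $request) {
    $allowed = ['posts:read', 'posts:create', 'posts:delete'];

    $data = $request->validate([
        'device_name' => 'required|string|max:100',
        'abilities'   => 'required|array|min:1',
        'abilities.*' => ['string', Rule::in($allowed)],
    ]);

    // createToken() returns a NewAccessToken: ->plainTextToken is shown to the
    // client once, ->accessToken is the stored PersonalAccessToken row (hashed).
    $token = $request->user()->createToken($data['device_name'], $data['abilities']);

    return response()->json([
        'access_token' => $token->plainTextToken,
        'token_type'   => 'Bearer',
        'abilities'    => $token->accessToken->abilities,
    ], 201);
});

// Middleware-level check: the request is rejected with HTTP 403 unless the
// token carries every ability listed after "abilities:".
Route::middleware(['auth:sanctum', 'abilities:posts:read'])->get('/posts', function () {
    return response()->json(['posts' => []]); // placeholder payload
});

// Code-level check with tokenCan(), useful when one handler does several things
// or when the decision depends on request data.
Route::middleware('auth:sanctum')->delete('/posts/{id}', function (Request $request, int $id) {
    if (! $request->user()->tokenCan('posts:delete')) {
        return response()->json(['message' => 'Token lacks the posts:delete ability'], 403);
    }

    // ... delete post $id here ...
    return response()->json(['deleted' => $id]);
});
```

Note that the tutorial's login() calls createToken('auth_token') with no ability list, which defaults to ['*'] (every ability). That is fine for a first-party client, but a token handed to a third-party integration or a read-only dashboard should be issued with the narrowest list that works.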
9. Test the API with Postman
a. Register
- POST http://localhost:8000/api/register
- Body (JSON):
{ "name": "Roni", "email": "roni@example.com", "password": "password123" }
b. Login
- POST http://localhost:8000/api/login
- Body (JSON):
{ "email": "roni@example.com", "password": "password123" }
Response: note the access_token value.
c. Access the /me endpoint
- GET http://localhost:8000/api/me
- Header:
Authorization: Bearer <access_token>
Response: the data of the currently logged-in user.
d. Logout
- POST http://localhost:8000/api/logout
- Header:
Authorization: Bearer <access_token>
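Clicking through Postman verifies the happy path once; an automated feature test verifies it on every change, and can also check the negative cases a manual run tends to skip (no token, bad token, wrong password, and that logout really revokes the token). The class below is an added example, not part of the original tutorial. It assumes the routes and AuthController from steps 7 and 8 are in place and that phpunit.xml points at a test database (an in-memory SQLite connection or a dedicated MySQL schema), because RefreshDatabase wipes the tables it runs against.

```php
<?php
// tests/Feature/AuthApiTest.php (added example, not from the tutorial).
// Run with: php artisan test --filter AuthApiTest

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
use Tests\TestCase;

class AuthApiTest extends TestCase
{
    use RefreshDatabase;

    // Sample credentials constructed for this test.
    private const EMAIL = 'roni@example.com';
    private const PASSWORD = 'password123';

    private function makeUser(): User
    {
        return User::factory()->create([
            'email'    => self::EMAIL,
            'password' => Hash::make(self::PASSWORD),
        ]);
    }

    public function test_register_creates_user_and_never_returns_the_password(): void
    {
        $response = $this->postJson('/api/register', [
            'name' => 'Roni', 'email' => self::EMAIL, 'password' => self::PASSWORD,
        ]);

        $response->assertStatus(201);
        // The User model's $hidden keeps the hash out of the JSON body.
        $this->assertArrayNotHasKey('password', $response->json('user'));
        $this->assertDatabaseHas('users', ['email' => self::EMAIL]);
        // Stored value must be a hash, not the clear-text password.
        $this->assertNotEquals(self::PASSWORD, User::first()->password);
    }

    public function test_login_with_wrong_password_is_rejected(): void
    {
        $this->makeUser();

        $this->postJson('/api/login', ['email' => self::EMAIL, 'password' => 'wrong'])
             ->assertStatus(401);
        // A failed login must not leave a token behind.
        $this->assertDatabaseCount('personal_access_tokens', 0);
    }

    public function test_me_requires_a_valid_token(): void
    {
        $this->makeUser();

        $this->getJson('/api/me')->assertStatus(401);                                // no token
        $this->withToken('not-a-real-token')->getJson('/api/me')->assertStatus(401); // bogus token
    }

    public function test_login_token_grants_access_to_me(): void
    {
        $this->makeUser();

        $token = $this->postJson('/api/login', ['email' => self::EMAIL, 'password' => self::PASSWORD])
                      ->assertOk()
                      ->json('access_token');

        $this->withToken($token)->getJson('/api/me')
             ->assertOk()
             ->assertJsonPath('email', self::EMAIL);
    }

    public function test_logout_revokes_only_the_current_token(): void
    {
        $user  = $this->makeUser();
        $phone = $user->createToken('phone')->plainTextToken;
        $user->createToken('laptop'); // a second device that must stay logged in

        $this->withToken($phone)->postJson('/api/logout')->assertOk();

        $this->assertDatabaseCount('personal_access_tokens', 1);
        $this->assertDatabaseHas('personal_access_tokens', ['name' => 'laptop']);
    }
}
```

Each test makes at most one request that passes through the sanctum guard, and the revocation check reads the personal_access_tokens table directly. That avoids relying on a second authenticated request in the same test, where the guard instance may still hold the user it resolved for the first request.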
10. Tips and Best Practices
- Use HTTPS on the production server.
- Validate all user input.
- For multi-device login, remember to revoke tokens when needed:
$request->user()->tokens()->delete(); // logout from all devices
- In mobile apps, keep the token in secure storage (the platform keychain or keystore), not in plain preferences or files.
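Two further hardening steps fit naturally into this setup: throttling the login endpoint so that password guessing is slowed down per account and per client address, and exposing the "revoke all tokens" call from the tip above as an endpoint. The listing below is an added example, not code from the tutorial, shown as two file excerpts; the limiter name login, the /logout-all path, the per-minute budgets and the expiration value are choices made for this illustration.

```php
<?php
// Added example (not from the tutorial). Two excerpts in one listing:
// the limiter goes in app/Providers/RouteServiceProvider.php, the routes in routes/api.php.

// ===== app/Providers/RouteServiceProvider.php =====
namespace App\Providers;

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;

class RouteServiceProvider extends ServiceProvider
{
    // boot() is unchanged from the Laravel 9 skeleton and omitted here.

    protected function configureRateLimiting()
    {
        // The general limiter that the tutorial's 'throttle:api' middleware refers to.
        RateLimiter::for('api', function (Request $request) {
            return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
        });

        // Login budget keyed on the target account AND on the client IP:
        // one IP cannot spray many accounts, and one account cannot be
        // hammered from many IPs without bound. Budgets are assumed values.
        RateLimiter::for('login', function (Request $request) {
            $email = strtolower((string) $request->input('email'));

            return [
                Limit::perMinute(5)->by('login:email:'.$email),
                Limit::perMinute(20)->by('login:ip:'.$request->ip()),
            ];
        });
    }
}

// ===== routes/api.php =====
// use App\Http\Controllers\AuthController;
// use Illuminate\Http\Request;
// use Illuminate\Support\Facades\Route;

// Once a budget is exhausted the client gets HTTP 429 with a Retry-After header.
Route::post('/login', [AuthController::class, 'login'])->middleware('throttle:login');

Route::middleware('auth:sanctum')->group(function () {
    // "Log out everywhere": revoke every token of the account, e.g. after a
    // password change or when a device is reported lost.
    Route::post('/logout-all', function (Request $request) {
        $request->user()->tokens()->delete();

        return response()->json(['message' => 'Logged out from all devices']);
    });
});

// Optional: give tokens a lifetime instead of letting them live forever.
// In config/sanctum.php set 'expiration' to a number of minutes, e.g.
//   'expiration' => 60 * 24,   // tokens expire one day after creation (assumed value)
```

With the per-email limit the error a throttled client sees is identical whether or not the account exists, so the limiter does not leak which emails are registered. Pick the budgets to match real usage: a legitimate user rarely needs more than a handful of login attempts per minute.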
11. Closing
Your Laravel 9 backend now supports secure API authentication using Sanctum and MySQL.
You can add further features such as email verification, password reset, or role management as your application requires.
Happy coding! 🚀