This article was originally published on bmf-tech.com.
We are using React as the frontend framework with Laravel, and since we needed to design an API, we decided to give it a try.
What We'll Do
- Create a ResourceController to build a simple API that outputs data
- Implement authentication middleware in anticipation of public API exposure
What We Won't Do
- Explain REST
- Update or delete API data
- Fetch and output data using Ajax
Environment
- Laravel 5.2
Creating a Resource Controller
The artisan's morning starts early...
php artisan make:controller HogeController --resource
When the artisan gets to work, they create a controller like this.
<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use App\Http\Requests;

class HogeController extends Controller
{
    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index()
    {
        //
    }

    /**
     * Show the form for creating a new resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function create()
    {
        //
    }

    /**
     * Store a newly created resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function store(Request $request)
    {
        //
    }

    /**
     * Display the specified resource.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function show($id)
    {
        //
    }

    /**
     * Show the form for editing the specified resource.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function edit($id)
    {
        //
    }

    /**
     * Update the specified resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function update(Request $request, $id)
    {
        //
    }

    /**
     * Remove the specified resource from storage.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function destroy($id)
    {
        //
    }
}
Let's quickly create the API. We'll modify the index() method.
    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index()
    {
        $user = \Auth::user();

        return \Response::json($user);
    }
Just return JSON with Response (:3」∠)
Routing
//-------------------------------
// API
//-------------------------------
Route::group(['prefix' => 'api'], function () {
    Route::resource('user', 'Resource\UserAuthController');
});
Note: From Laravel 5.3, routes are split into separate files such as web.php and api.php. It's best to write API routes in api.php.
Accessing /api should output a JSON response.
About API Authentication
When you want to avoid people directly hitting the API or want to expose the API externally, it's good to set up authentication. Here, we'll provide an example of using middleware for authentication.
Route::group(['middleware' => 'auth.user'], function () {
    Route::get('/userlist', 'UserList\UserListController@getIndex');

    //-------------------------------
    // API
    //-------------------------------
    Route::group(['prefix' => 'api'], function () {
        Route::resource('user', 'Resource\UserAuthController');
    });
});
We will create middleware called AuthenticateOfApi for API usage.
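Some parts are based on the Laravel Expert Training Book.
<?php

namespace App\Http\Middleware;

use App\Models\User;
use Closure;

class AuthenticateOfApi
{
    /**
     * Name of the request header that carries the API token.
     *
     * @var string
     */
    const APPLICATION_TOKEN = 'x-application-token';

    /**
     * API Authenticate
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // Cookie authentication: the same login check used elsewhere in the app
        $loggedIn = \Auth::guard('users')->check();
        if ($loggedIn) {
            // Return user info, etc.
        }

        // API token authentication: does the request carry x-application-token?
        $hasToken = $request->headers->has(self::APPLICATION_TOKEN);
        if ($hasToken) {
            // Return user info, etc. The token value still has to be verified
            // here; a header that is merely present does not prove identity.
        }

        // Neither a login session nor a token header: reject the request
        if (!$loggedIn && !$hasToken) {
            return abort(401);
        }

        return $next($request);
    }
}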
Including the API token in the header when using the API internally defeats the purpose of authentication: the header is visible to users, so anyone who steals the token can use the API.
Therefore, when using the API internally, it's better to use the same authentication method as login.
Use Auth::guard('users')->check() for the login check!
For external API usage, you can authenticate by including the token in the header with JavaScript and POSTing it.
Please refer to other articles for more on API authentication.
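The two paths described above (login session for internal use, token header for external use), as an added example that is not code from the original article. It is plain PHP so it runs without Laravel; the function name, the hashed-token storage and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not the article's code. Plain PHP (5.6+), runs without Laravel.
// Assumptions: tokens are stored as SHA-256 hashes keyed by user id; the function
// name, its parameters and the sample values below are hypothetical / constructed.

const APPLICATION_TOKEN = 'x-application-token';

/**
 * Same decision as the middleware: returns [HTTP status, user id or null].
 *
 * @param int|null $sessionUserId id from the login check, null when not logged in
 * @param array    $headers       request headers, names lower-cased
 * @param array    $tokenHashes   user id => hex SHA-256 of that user's API token
 */
function authenticateApiRequest($sessionUserId, array $headers, array $tokenHashes)
{
    // Internal use: the login session is the credential; no token header involved.
    if ($sessionUserId !== null) {
        return [200, $sessionUserId];
    }
    // External use: the header must be present and non-empty ...
    $presented = isset($headers[APPLICATION_TOKEN]) ? $headers[APPLICATION_TOKEN] : '';
    if (!is_string($presented) || $presented === '') {
        return [401, null];
    }
    // ... and its value must match a stored token. Presence alone proves nothing.
    $presentedHash = hash('sha256', $presented);
    $matchedUser = null;
    foreach ($tokenHashes as $userId => $storedHash) {
        // hash_equals() compares in constant time.
        if (hash_equals($storedHash, $presentedHash)) {
            $matchedUser = $userId;
        }
    }
    return $matchedUser === null ? [401, null] : [200, $matchedUser];
}

// Constructed sample data: user 42 has been issued one token.
$tokenHashes = [42 => hash('sha256', 'constructed-sample-token')];
$cases = [
    'logged-in session'   => [7, []],
    'valid token'         => [null, [APPLICATION_TOKEN => 'constructed-sample-token']],
    'header, wrong value' => [null, [APPLICATION_TOKEN => 'anything']],
    'no credentials'      => [null, []],
];
foreach ($cases as $label => $case) {
    list($status) = authenticateApiRequest($case[0], $case[1], $tokenHashes);
    echo $label, ': ', $status, PHP_EOL;
}
```

In the middleware, the session user id would come from the login guard and the header value from the request object; the lookup against stored hashes replaces the "Return user info, etc." placeholder.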
Thoughts
Creating and using APIs with Laravel is easy, but API design seems quite deep. It's quite fun to use the API you created yourself, so I'll try to put in some effort.