Skip to content

nrml-co/laravel-api-keys

Repository files navigation

Laravel Api Keys

Latest Version on Packagist Build Status Total Downloads

This package offers a different type on API key system for Laravel. The other options are either too simple or too complex.

Laravel ships with a guard that will allow you to create an access_token field in your user migration. This allows easy access to the api routes.

This package offers:

  • multiple keys per user
  • sandbox and production keys
  • scopes

Laravel/Passport is a the full on oauth implementation. This is a little more simple.

Installation

You can install the package via composer:

composer require nrml-co/laravel-api-keys
php artisan migrate

Laravel 5.8 and above will register the service provider automatically.

Usage - Creating Keys

First add the HasApiKeys trait to the User model that ships with Laravel.

use NrmlCo\LaravelApiKeys\HasApiKeys;


/**
 * Class User
 * @package App
 */
class User extends Authenticatable
{
    use Notifiable;
    use HasApiKeys;

Next create a User. Easiest to to this part in tinker.

$user = User::create([
        'name' => 'Ed Anisko',
        'email' => 'ed@nrml.co',
        'email_verified_at' => now(),
        'password' => '$2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi', // password
        'remember_token' => Str::random(10)
        ]);

The user needs to be logged in. Programmatically it looks like this.

Auth::setUser($user);

Now the package will create ApiKeys for the authorized user.

LaravelApiKeys::create(); // default is SANDBOX

Copy the new api key.

Using the your API Keys

Add the new entry to the guards section of config/auth.php

    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'token',
            'provider' => 'users',
            'hash' => false,
        ],

        "api_key" => [
            'driver' => 'api_key'
        ]

    ]

Use the 'auth:api_key' middleware in api.php routes.

Route::middleware('auth:api_key')->get('/user', function (Request $request) {
    return $request->user();
});

Replace the x-api-key header with your own api-key and test. Use the header Accept: application/json.

$ curl -X GET \
  http://homestead.test/api/user \
  -H 'Accept: application/json' \
  -H 'x-api-key: al4PA8V5jSuq4oFJOxK6lS4CeZEkDFtayBObJTHJ'

The above curl command will return the user authorized by the ApiKey.

{
    "id": 1,
    "name": "Ed Anisko",
    "email": "ed@nrml.co",    
    "created_at": "2019-10-17 07:18:59",
    "updated_at": "2019-10-17 07:18:59"
}

Testing

phpunit 

Changelog

Please see CHANGELOG for more information what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

.

If you discover any security related issues, please email ed@normalllc.com instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.

Laravel Package Boilerplate

This package was generated using the Laravel Package Boilerplate.