Creating REST APIs with Sanctum Authentication in Laravel: A Comprehensive Guide


Laravel is a popular PHP framework known for its elegant syntax and rich ecosystem. When building modern web applications, it's common to expose a RESTful API to interact with the backend. In this article, we will explore how to create REST APIs with Sanctum authentication in Laravel. Sanctum is a lightweight authentication system provided by Laravel that allows you to secure your APIs easily. By following the steps outlined in this guide, you'll be able to set up a secure REST API with Sanctum in Laravel.


Before we begin, make sure you have the following prerequisites:

  • Laravel installed on your development environment

  • Basic understanding of Laravel and RESTful APIs

  • Composer installed on your machine

Step 1: Set Up a Laravel Project

Start by creating a new Laravel project using the Laravel CLI. Open your terminal and run the following command:

$ laravel new my-api-project

Step 2: Install and Configure Sanctum

Laravel Sanctum can be installed via Composer. In your terminal, navigate to your project's directory and run the following command:

$ composer require laravel/sanctum

After the installation, you need to publish the Sanctum configuration file and run the migration to create the necessary database tables. Run the following commands:

$ php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
$ php artisan migrate

Step 3: Create API Routes

Next, you'll define the API routes in your Laravel application. Open the routes/api.php file and define your API routes. For example:

use App\Http\Controllers\AuthController;
use Illuminate\Support\Facades\Route;

// Routes requiring authentication
Route::middleware('auth:sanctum')->group(function () {
    // Your authenticated API routes here
});

// Public routes
Route::post('/login', [AuthController::class, 'login']);
// Other public API routes here

Step 4: Implement Authentication

In the example above, we have a /login route for user authentication. Create a new controller called AuthController and implement the login logic. This can include validating user credentials, generating an API token, and associating it with the authenticated user.

Step 5: Protect Routes with Authentication

Any route you want to protect with authentication can be wrapped inside the auth:sanctum middleware. This ensures that only authenticated requests can access those routes. For example:

use Illuminate\Http\Request;

Route::middleware('auth:sanctum')->group(function () {
    Route::get('/user', function (Request $request) {
        return $request->user();
    });
});
Step 6: Testing the API

With the authentication set up, you can now test your REST API using tools like Postman or cURL. Send requests to the protected routes by including the API token in the Authorization request header as a Bearer token.



Laravel Sanctum provides a simple yet powerful way to secure your REST APIs in Laravel. By following the steps outlined in this guide, you have learned how to set up Sanctum authentication, define API routes, protect routes with authentication, and test your API endpoints. With this knowledge, you can confidently create RESTful APIs with Sanctum in Laravel and ensure the security of your applications.