In my API project, I developed a robust API using Laravel Sanctum, ensuring secure and efficient authentication for users. Here are the critical aspects I emphasized while building the API.
REST Endpoints
I structured the endpoints based on resources rather than actions and verbs.
This approach ensures a clean, intuitive design and supports hierarchical relationships.
Route::apiResource('tasks.subtasks', SubtasksController::class);
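A fuller picture of the routing described above, as an added example that is not the project's own routes file: the controller classes, the login route and the throttle values are assumptions made for illustration.

```php
<?php
// routes/api.php (added example, not the project's own file).
// Controller names, the login route and the throttle values are assumptions.

use App\Http\Controllers\AuthController;
use App\Http\Controllers\SubtasksController;
use App\Http\Controllers\TasksController;
use Illuminate\Support\Facades\Route;

// Unauthenticated entry point. 'throttle:6,1' allows six attempts per minute per IP,
// which limits online password guessing without locking real users out.
Route::post('/login', [AuthController::class, 'login'])->middleware('throttle:6,1');

// Everything below requires a valid Sanctum token; unauthenticated requests never reach a controller.
Route::middleware('auth:sanctum')->group(function () {
    Route::post('/logout', [AuthController::class, 'logout']);

    // Resource-oriented routes: nouns in the URI, the HTTP verb carries the action.
    // apiResource omits the HTML-only create/edit routes.
    Route::apiResource('tasks', TasksController::class);

    // Nested resource, e.g. GET /api/tasks/{task}/subtasks/{subtask}.
    // scoped() makes Laravel resolve {subtask} through $task->subtasks(), so a subtask that
    // belongs to another task yields 404 instead of being returned by its raw id.
    Route::apiResource('tasks.subtasks', SubtasksController::class)->scoped();
});
```

`php artisan route:list --path=api` prints the generated table, which is the quickest way to confirm that every resource route sits inside the `auth:sanctum` group and that no unprotected endpoint slipped in.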
Exception Handling
I've implemented comprehensive error handling so that raw exceptions never reach the client.
// API requests get a JSON 401 instead of the redirect to a login page that web requests receive
$exceptions->render(function (AuthenticationException $e, Request $request) {
    if ($request->is('api/*')) {
        return response()->json([
            'message' => 'Access denied due to invalid credentials.'
        ], 401);
    }
});
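The complete handler file around that callback, as an added example rather than the project's own bootstrap file: it keeps the 401 rendering shown above and adds callbacks for validation errors, 404s, authorization failures and a catch-all so that API clients never see class names, file paths or stack traces. The Laravel 11 `bootstrap/app.php` layout and the message strings are assumptions.

```php
<?php
// bootstrap/app.php, Laravel 11 layout (added example, not the project's own file).

use Illuminate\Auth\AuthenticationException;
use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        web: __DIR__.'/../routes/web.php',
        api: __DIR__.'/../routes/api.php',
        commands: __DIR__.'/../routes/console.php',
        health: '/up',
    )
    ->withMiddleware(function (Middleware $middleware) {
        //
    })
    ->withExceptions(function (Exceptions $exceptions) {
        // Callbacks are tried in registration order: specific types first, catch-all last.
        // Each one returns null for non-API requests so the web side keeps Laravel's defaults.

        $exceptions->render(function (AuthenticationException $e, Request $request) {
            if ($request->is('api/*')) {
                return response()->json(['message' => 'Access denied due to invalid credentials.'], 401);
            }
        });

        // Field-level errors are safe to return: they describe the client's input, not the server.
        $exceptions->render(function (ValidationException $e, Request $request) {
            if ($request->is('api/*')) {
                return response()->json(['message' => 'The given data was invalid.', 'errors' => $e->errors()], $e->status);
            }
        });

        // Laravel converts ModelNotFoundException to NotFoundHttpException before rendering, so this
        // covers both unknown routes and unknown ids with one generic message (no model names leak).
        $exceptions->render(function (NotFoundHttpException $e, Request $request) {
            if ($request->is('api/*')) {
                return response()->json(['message' => 'Resource not found.'], 404);
            }
        });

        // AuthorizationException arrives here as AccessDeniedHttpException.
        $exceptions->render(function (AccessDeniedHttpException $e, Request $request) {
            if ($request->is('api/*')) {
                return response()->json(['message' => 'You are not authorized to make this request.'], 403);
            }
        });

        // Catch-all for the API. The exception has already been reported (logged) by the handler
        // before render() runs, so nothing is lost by replacing it with a fixed message.
        $exceptions->render(function (Throwable $e, Request $request) {
            if (! $request->is('api/*') || config('app.debug')) {
                return null; // local development keeps the detailed error page
            }

            if ($e instanceof HttpExceptionInterface) {
                // 405, 429 and friends keep their status code but get a generic body.
                return response()->json(['message' => 'Request failed.'], $e->getStatusCode());
            }

            return response()->json(['message' => 'An unexpected error occurred.'], 500);
        });
    })
    ->create();
```

The `app.debug` exemption is what makes this safe to deploy: with `APP_DEBUG=false` in production, a database error or a typo in a controller produces the same opaque 500 body for every client, while the full trace still lands in the log.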
API Security
Input Validation and Sanitization
I created form request validation classes for cleaner and more manageable validation, ensuring that all inputs were properly validated and sanitized before processing.
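A form request class of the kind described, added here as an example and not the project's own class: the field names, limits and the `createSubtask` policy ability are assumptions.

```php
<?php
// app/Http/Requests/StoreSubtaskRequest.php (added example, not the project's own class).
// Field names, limits and the 'createSubtask' ability are assumptions.

namespace App\Http\Requests;

use App\Models\Task;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;

class StoreSubtaskRequest extends FormRequest
{
    // authorize() runs before the rules. {task} is bound by Route::apiResource('tasks.subtasks', ...);
    // a request that fails here gets a 403 without any validation work being done.
    public function authorize(): bool
    {
        $task = $this->route('task');

        return $task instanceof Task && $this->user()?->can('createSubtask', $task);
    }

    // Normalise input before the rules run. Non-strings are left untouched so the 'string' rule
    // can reject them; casting an array to string here would raise an error before validation.
    protected function prepareForValidation(): void
    {
        $clean = fn ($value) => is_string($value) ? trim(strip_tags($value)) : $value;

        $this->merge([
            'title'       => $clean($this->input('title')),
            'description' => $clean($this->input('description')),
        ]);
    }

    public function rules(): array
    {
        return [
            'title'       => ['required', 'string', 'max:120'],
            'description' => ['nullable', 'string', 'max:2000'],
            'status'      => ['required', Rule::in(['pending', 'in_progress', 'done'])],
            'due_date'    => ['nullable', 'date', 'after_or_equal:today'],
        ];
    }
}
```

In the controller, `public function store(StoreSubtaskRequest $request, Task $task)` is enough to trigger `authorize()` and `rules()`; creating the record with `$task->subtasks()->create($request->validated())` matters because `validated()` returns only the keys listed in `rules()`, so an extra `user_id` or `task_id` field sent by a client never reaches the model.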
Authorization
I generated policies to authorize actions, and PHP traits to keep the JSON responses consistent throughout the API.
if (Gate::denies('createSubtask', $subtask)) {
    return $this->error('', 'You are not authorized to make this request.', 403);
}
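The three pieces behind that snippet (the policy the gate resolves to, the response trait that provides `error()`, and the controller method that uses both), shown together as an added example rather than the project's own code. Three files are collapsed into one listing with bracketed namespaces purely for readability; the class and column names are assumptions, and the policy is written on `Task` on the assumption that the authorized object is the parent task.

```php
<?php
// Added example, not the project's own code. Three files in one listing; bracketed
// namespaces are used only so that it reads as a single file.

namespace App\Policies {
    use App\Models\Task;
    use App\Models\User;

    // Gate::denies('createSubtask', $task) resolves here: Laravel maps App\Models\Task to
    // App\Policies\TaskPolicy by convention and picks the method named after the ability.
    class TaskPolicy
    {
        public function createSubtask(User $user, Task $task): bool
        {
            return $user->id === $task->user_id;   // only the task's owner may add subtasks
        }
    }
}

namespace App\Traits {
    use Illuminate\Http\JsonResponse;

    // One shape for every response. Error messages are fixed strings chosen by the developer,
    // never an exception message, so nothing about the implementation leaks through this path.
    trait HttpResponses
    {
        protected function success(mixed $data, ?string $message = null, int $code = 200): JsonResponse
        {
            return response()->json(['status' => 'success', 'message' => $message, 'data' => $data], $code);
        }

        protected function error(mixed $data, ?string $message = null, int $code = 400): JsonResponse
        {
            return response()->json(['status' => 'error', 'message' => $message, 'data' => $data], $code);
        }
    }
}

namespace App\Http\Controllers {
    use App\Models\Task;
    use App\Traits\HttpResponses;
    use Illuminate\Http\JsonResponse;
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Gate;

    class SubtasksController extends Controller
    {
        use HttpResponses;

        public function store(Request $request, Task $task): JsonResponse
        {
            // Authorization first: an unauthorized caller is refused before any input is processed.
            if (Gate::denies('createSubtask', $task)) {
                return $this->error('', 'You are not authorized to make this request.', 403);
            }

            $data = $request->validate(['title' => ['required', 'string', 'max:120']]);
            $subtask = $task->subtasks()->create($data);

            return $this->success($subtask, 'Subtask created.', 201);
        }
    }
}
```

Because `{task}` is resolved by route model binding before the method runs, the check covers the object the client actually asked for; the same `Gate::denies` call can be placed at the top of `update` and `destroy` with their own policy methods.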
Authentication
I leveraged Laravel Sanctum to implement token-based authentication with token expiration, and used middleware to protect the API endpoints.
API Versioning
Set up a routing prefix in app.php so that requests are routed to the matching version of your controllers, keeping the API consistent and reliable as it evolves.
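The prefix setup in the Laravel 11 `bootstrap/app.php`, added here as an example and not the project's own file: `routes/api.php` is mounted under `api/v1`, and a second route file is registered for `api/v2`. The version numbers and the `routes/api_v2.php` file name are assumptions.

```php
<?php
// bootstrap/app.php, Laravel 11 layout (added example, not the project's own file).
// Version numbers and the routes/api_v2.php file name are assumptions.

use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
use Illuminate\Support\Facades\Route;

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        web: __DIR__.'/../routes/web.php',
        // routes/api.php is mounted under /api/v1 instead of the default /api prefix.
        api: __DIR__.'/../routes/api.php',
        apiPrefix: 'api/v1',
        commands: __DIR__.'/../routes/console.php',
        health: '/up',
        // Extra route files are registered in the 'then' callback. v2 gets its own file and
        // prefix but the same 'api' middleware group (throttle:api and route model binding),
        // so both versions share rate limiting and binding behaviour.
        then: function () {
            Route::middleware('api')
                ->prefix('api/v2')
                ->name('v2.')
                ->group(base_path('routes/api_v2.php'));
        },
    )
    ->withMiddleware(function (Middleware $middleware) {
        //
    })
    ->withExceptions(function (Exceptions $exceptions) {
        //
    })
    ->create();
```

With this layout, controllers can live in `App\Http\Controllers\Api\V1` and `App\Http\Controllers\Api\V2`, each route file importing its own. The exception-handling callbacks that test `$request->is('api/*')` keep working unchanged, because both `api/v1/...` and `api/v2/...` match that pattern.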
By focusing on these key aspects, the API is secure, organized, and scalable, providing a solid foundation for any application built on top of it.