1

I am a bit confused. I have a web application with login, register and logout, some dashboard views, etc. (CRUD). I want to make an API for this application too.

Like an API which a third party will use, which can update records, delete records, etc.

Actually, there should be some way which can be used by a mobile app for CRUD.

I know we have routes/api.php, but I am pretty confused about when to use it. Please explain the scenario; I am blank.

Update:

Scenario

The application has views, an authentication system, etc. How will an Android app be able to perform CRUD operations on the same application?

2
  • I think it would be better if you could provide a simple scenario and the result you would like to have so we can refer to that. Commented Apr 21, 2017 at 10:00
  • @AntonisTsimourtos Question Updated. Commented Apr 21, 2017 at 10:05

2 Answers

1

1. Web routing uses session state and CSRF protection. Does it mean API routing is not using session state and CSRF protection?

It is all possible but not required. You can still use sessions etc., but this is a violation of REST principles.

2. Laravel 5.3 uses separate web and API routing. Are there any advantages?

It's just for your convenience. In Laravel 5.2 you need to specify middleware for routes, like ['web'] or ['api'], but it is not required anymore. In 5.3, routes are stored in separate files and specifying route middleware is not required.


0

If you are specifying routes in api.php, you will need to use the auth:api middleware. For example:

use Illuminate\Http\Request;

// Every route in this group goes through the auth:api middleware.
Route::group(['middleware' => ['auth:api']], function () {
    Route::get('/test', function (Request $request) {
        return response()->json(['name' => 'test']);
    });
});

Notes about Token auth and Laravel 5.3:

If you've set up Laravel's default auth system, you will also need to add a column for api_token to the user table. If you are using DB seeders, you might want to add something like:

$table->char('api_token', 60)->nullable(); 

to your users table seeder. Alternatively just add the column manually and fill that column with a random 60-char key.

When making the request, you can add the api_token as a URL/Querystring parameter like so:

domain.com/api/test?api_token=[your 60 char key].

You can also send the key as a header (if using Postman or similar), i.e. Header: Authorization, Value: Bearer [your 60 char key].

In order to get a useful error if the token is incorrect, also send the following header with all requests:

Header: Accept, Value: application/json. This allows the expectsJson() check in the unauthenticated() function inside App/Exceptions/Handler.php to work correctly.
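The two ways of presenting the token described in this answer, as an added example in plain PHP (not code from the answer or from Laravel; all function names are hypothetical). It generates a 60-character token from the CSPRNG, reads it from either the query string or the Bearer header, compares it in constant time, and masks it in a URL before logging, because a token sent as a query parameter is recorded wherever URLs are logged.

```php
<?php
// Added example in plain PHP (no framework); function names are hypothetical.

// 60 hex characters from the OS CSPRNG (30 random bytes), sized for the
// 60-character api_token column described above.
function generateApiToken(): string
{
    return bin2hex(random_bytes(30));
}

// Read the token from either transport the answer lists: the api_token
// query parameter or the "Authorization: Bearer <token>" header.
function tokenFromRequest(array $query, array $headers): ?string
{
    $fromQuery = $query['api_token'] ?? null;
    if (is_string($fromQuery) && $fromQuery !== '') {
        return $fromQuery;
    }
    $auth = $headers['Authorization'] ?? '';
    if (is_string($auth) && stripos($auth, 'Bearer ') === 0) {
        $token = trim(substr($auth, 7));
        return $token !== '' ? $token : null;
    }
    return null;
}

// Compare in constant time so the check does not leak how many leading
// characters of a guess were right.
function tokenMatches(string $stored, ?string $presented): bool
{
    return $presented !== null && hash_equals($stored, $presented);
}

// Mask api_token in a URL before it is written to a log line.
function redactUrl(string $url): string
{
    return preg_replace('/([?&]api_token=)[^&#]*/', '$1[REDACTED]', $url);
}

// Constructed sample values.
$stored = generateApiToken();
$viaHeader = tokenFromRequest([], ['Authorization' => 'Bearer ' . $stored]);
$viaQuery = tokenFromRequest(['api_token' => $stored], []);

var_dump(strlen($stored) === 60);
var_dump(tokenMatches($stored, $viaHeader), tokenMatches($stored, $viaQuery));
var_dump(tokenMatches($stored, 'not-the-token'));
echo redactUrl('https://domain.com/api/test?api_token=' . $stored . '&page=2'), PHP_EOL;
```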
