
When I access my Laravel sanctum API with Postman, it works properly. This is the code of routes\api.php:

use App\Http\Controllers\PoiController;
use App\Http\Controllers\AuthController;
use Illuminate\Support\Facades\Route;
use Illuminate\Http\Request;

Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});

Route::get('/', function(){
    return response()->json([
        'status'=>false,
        'message' => 'Anda tidak berhak'
    ],401);
})->name('login');

Route::post('register-user', [AuthController::class, 'registerUser']);
Route::post('login-user', [AuthController::class, 'loginUser']);
Route::get('poi', [PoiController::class, 'index'])->middleware('auth:sanctum');
Route::post('store', [PoiController::class, 'store'])->middleware('auth:sanctum');

And this is the PoiController.php :

<?php

namespace App\Http\Controllers;

use App\Models\Poi;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Validator;
use Laravel\Sanctum\PersonalAccessToken;

class PoiController extends Controller
{

    public function index()
    {
        $data = Poi::orderBy('nama', 'asc')->get();

        $yuser = Auth::user();

        return response()->json([
            'status' => true,
            'message' => 'data ditemukan',
            'nama' => $yuser->name,
            'data' => $data
        ], 200);
    }

    public function store(Request $req)
    {
        $data = new Poi();

        $rules = [
            'nama' => 'required',
            'jenis' => 'required'
        ];

        $validasi = Validator::make($req->all(), $rules);

        if($validasi->fails()){
            return response()->json([
                'status' => false,
                'message' => 'isian tidak valid!',
                'data' => $validasi->errors()
            ], 401);
        }

        $data->nama = $req->nama;
        $data->jenis = $req->jenis;

        $data->save();

        return response()->json([
            'status' => true,
            'message' => 'Data berhasil diinput'
        ],200);
    }
}

I want only registered users to have access to the data for security reasons. Using Laravel Sanctum, even a registered user could not access the data if they only provided their email address and password without a token.


As far as I'm aware, the token is created after the user has successfully logged in, and the user then uses the token to make a new GET call.



My question is how to make the same GET API call that I make in Postman, but from a basic HTML form or from another programming language. I hope my question is much clearer now. Thanks.

  • The GET call contains the username, password, and the token... why do you have to pass the username and password again, when you already passed them in the POST request in order to get the token? Normally the purpose of using access tokens is so the caller doesn't have to pass their credentials in every request, and, because tokens expire, anyone who steals an access token only has temporary/limited access to the API. So this makes me think the API is not properly designed. Either that or you haven't properly described the situation. Commented Sep 10, 2024 at 16:06
  • Also, credentials should generally not be passed in a GET request like that. Since by convention there's no request body in a GET, this implies that the credentials would be passed as URL parameters, which greatly increases the chances they'll leak out, e.g. into server/proxy/router logs etc. So that's another bad design. Unless of course you mean that the token (and maybe the username/password) should be passed as headers in the GET request? You didn't specify what format of request the API requires, therefore we can't tell you how to structure any kind of code to send a request to it. Commented Sep 10, 2024 at 16:09
  • Please edit your question to clarify the situation fully, so we can give you accurate help. See also How to Ask and how to make a minimal reproducible example of your coding issue. Remember we can't see your screen, access your Postman settings, or read your mind. If there's detail which is relevant to the issue, you need to include that in your question directly. Thanks. Commented Sep 10, 2024 at 16:09
  • "with a basic HTML form"... you cannot send an HTTP request with custom headers in it, such as a bearer token. The browser constructs the HTTP request when you submit the form, and with the form you can control the URL, the HTTP method, and the body parameters. You can't set other headers. So to do that from a web page you'd need to handle the form submission using JS and then send the HTTP request via AJAX, so you can control the other parts of the request including headers. Commented Sep 11, 2024 at 13:36
  • As for any other programming language, they all have HTTP libraries where you can build and send an HTTP request with full control over its structure. Postman can even generate code samples in several languages which are equivalent to a request you have built in Postman (if you go to a request in Postman, you can click the "code" icon on the right-hand side, and then choose a language from the drop-down list, and it will generate a code snippet you can use). Commented Sep 11, 2024 at 13:38
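The two comments above describe the flow in words; the following is an added example (not code from the question or from Laravel/Sanctum) showing it in JavaScript, which works both from a browser page (wired to a form's submit event) and from Node 18+. It assumes things the question does not show: the API is served at http://localhost:8000/api, POST /api/login-user answers with a JSON body containing a `token` field, and the personal access token is sent back as an `Authorization: Bearer <token>` header, which is the header the `auth:sanctum` guard reads. The stub API at the bottom is constructed so the example runs offline and mirrors the question's routes: the credentials are sent once in a POST body, and GET /api/poi answers 401 unless the bearer header carries the issued token.

```javascript
// Added example: log in once to obtain a Sanctum token, then call the protected
// GET route with the token only. Not code from the original question.
const BASE_URL = "http://localhost:8000/api"; // assumption, adjust to your host

// Step 1: exchange credentials for a token. Credentials travel in a POST body,
// never in a GET query string, so they do not land in server or proxy logs.
function buildLoginRequest(email, password) {
  return {
    url: `${BASE_URL}/login-user`,
    options: {
      method: "POST",
      headers: { "Content-Type": "application/json", Accept: "application/json" },
      body: JSON.stringify({ email, password }),
    },
  };
}

// Step 2: call the protected route with the bearer token only. The Accept header
// matters: without it, Laravel's Authenticate middleware redirects an
// unauthenticated request to the route named "login" instead of answering 401.
function buildPoiRequest(token) {
  if (typeof token !== "string" || token.length === 0) {
    throw new Error("no token: log in first");
  }
  return {
    url: `${BASE_URL}/poi`,
    options: {
      method: "GET",
      headers: { Accept: "application/json", Authorization: `Bearer ${token}` },
    },
  };
}

// Full flow. fetchImpl defaults to the real fetch (browser or Node 18+) and can
// be replaced by a stub, which is how the offline demo below runs.
async function loadPoi(email, password, fetchImpl = globalThis.fetch) {
  const login = buildLoginRequest(email, password);
  const loginRes = await fetchImpl(login.url, login.options);
  if (!loginRes.ok) throw new Error(`login failed: HTTP ${loginRes.status}`);
  const { token } = await loginRes.json(); // field name is an assumption

  const poi = buildPoiRequest(token);
  const poiRes = await fetchImpl(poi.url, poi.options);
  if (poiRes.status === 401) throw new Error("rejected by auth:sanctum: bad or missing token");
  if (!poiRes.ok) throw new Error(`poi request failed: HTTP ${poiRes.status}`);
  return poiRes.json();
}

// Constructed stand-in for the Laravel API (not a real server) so the example
// runs offline: login issues a token, /poi is 401 unless that token is presented.
const DEMO_TOKEN = "1|constructed-example-token";
async function fakeSanctumApi(url, options) {
  const reply = (status, body) => ({ ok: status < 400, status, json: async () => body });
  if (url === `${BASE_URL}/login-user` && options.method === "POST") {
    const { email, password } = JSON.parse(options.body);
    if (email === "user@example.com" && password === "secret") {
      return reply(200, { status: true, token: DEMO_TOKEN });
    }
    return reply(401, { status: false, message: "invalid credentials" });
  }
  if (url === `${BASE_URL}/poi` && options.method === "GET") {
    if (options.headers.Authorization === `Bearer ${DEMO_TOKEN}`) {
      return reply(200, {
        status: true,
        message: "data ditemukan",
        nama: "Demo User",
        data: [{ nama: "Alun-alun", jenis: "taman" }],
      });
    }
    return reply(401, { message: "Unauthenticated." });
  }
  return reply(404, { message: "not found" });
}

// Runs the whole flow against the stub. In a browser, a form's submit handler
// would call loadPoi the same way after ev.preventDefault().
async function demo() {
  return loadPoi("user@example.com", "secret", fakeSanctumApi);
}
```

To use it against the real API, drop the stub and call `loadPoi(email, password)` from the form's `submit` listener (after `event.preventDefault()`), keep the token in memory for later calls rather than re-sending the password, and make sure the request carries `Accept: application/json` so a rejected token comes back as a 401 JSON body rather than a redirect to the `login` route. Postman's "Code" button generates the equivalent two requests for other languages.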
