Add authentication via key while building a quick API for your Laravel 4.2 web application

Add authentication via key while building a quick API for your Laravel 4.2 web application

I needed to create a quick small API for some entities in an existing Laravel 4.2 web application. I searched for a quick way to add simple authentication for the API. I found chrisbjr/api-guard to be useful. As per the readme of chrisbjr/api-guard, most of the people are using version 0.* and version 1.0.* is the recent version which supports Laravel 4.2. So, I decided to use v1.0.*.

Add chrisbjr/api-guard to your project.

$ php composer.phar require chrisbjr/api-guard:1.0.*

or you can add the following in the require key of composer.json file

"chrisbjr/api-guard": "1.0.*"

Run the Composer update command

$ php composer.phar update

In your config/app.php add ‘Chrisbjr\ApiGuard\ApiGuardServiceProvider’ to the end of the providers array.

Now generate the api-guard migration (make sure you have your database configuration set up correctly):

$ php artisan migrate --package="chrisbjr/api-guard"

Now to generate the API keys, run the following command:

$ php artisan api-key:generate

As it’s a simple API access application we don’t need to bind users to the API keys.

Basic usage of ApiGuard is to create a controller and extend that class to use the ApiGuardController.

use Chrisbjr\ApiGuard\ApiGuardController;

class BooksController extends ApiGuardController
{
    public function all()
    {
        $books = Book::all();

        return $this->response->withCollection($books, new BookTransformer);
    }

    public function show($id)
    {
        try {
            $book = Book::findOrFail($id);

            return $this->response->withItem($book, new BookTransformer);
        } catch (ModelNotFoundException $e) {
            return $this->response->errorNotFound();
        }
    }
}

If your controller has a constructor then this will not work. So, you need to call the constructor of the parent class. So add the following code to your constructor:

parent::__construct();

All the methods in the class will now require the API Key Authentication. However, you can turn off API key authentication for any specific method by using the keyAuthentication option.

use Chrisbjr\ApiGuard\Controllers\ApiGuardController;

class BooksController extends ApiGuardController
{

    protected $apiMethods = [
        'show' => [
            'keyAuthentication' => false
        ],
    ];

But I wanted to turn off API key authentication for all methods by default. So, I forked chrisbjr/api-guard to add the necessary features I needed. To use my fork, you need to add Debiprasad/api-guard as a VCS respository to your composer.json file. To do that add the following code to your composer.json file:

"repositories": [
    {
        "type": "vcs",
        "url": "https://github.com/Debiprasad/api-guard"
    }
],

Now update composer.

$ php composer.phar update

Now we need to create our own config file for ApiGuard. To create your own configuration file for ApiGuard, run the following command:

$ php artisan config:publish chrisbjr/api-guard

The configuration file will be found in app/config/packages/chrisbjr/api-guard/config.php. Open this file and change the keyAuthentication variable to false.

This will turn off API key authentication for all methods by default. To turn on API key authentication for any method by using the keyAuthentication option.

use Chrisbjr\ApiGuard\Controllers\ApiGuardController;

class BooksController extends ApiGuardController
{
    protected $apiMethods = [
        'show' => [
            'keyAuthentication' => true
        ],
    ];

Leave a Reply