API Development in Laravel 8 using JWT token

Code With Travel
Jun 19, 2021

API is the acronym for Application Programming Interface, which is a software intermediary that allows two applications to talk to each other. Each time you use an app like Facebook, send an instant message or check the weather on your phone, you’re using an API.

Let’s install Laravel 8 via composer. (https://laravel.com/docs/8.x/installation#installation-via-composer)

composer create-project laravel/laravel laravel-jwt-api

Now go to the folder and start the server

php artisan serve

Open the following URL in the browser: http://127.0.0.1:8000/

We will create two tables:
1.) users — (id, name, email, phone, phone_no, password)
2.) courses — (id, user_id, title, description, total_videos)

A user can enroll in multiple courses.

We will create the following APIs:

1.) Login (after login we create JWT token)
2.) Register
3.) User profile
4.) User course enrollment
5.) Total courses
6.) Delete user courses

So what is JWT? (https://jwt.io/)

JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

Let’s take an example:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

This token is three different strings joined by dots:
1.) Header with the algorithm
2.) Payload data
3.) Signature
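
The three-part structure described above, as an added example that is not code from the original article: a PHP script that splits the sample token, decodes the header and payload, and checks the HS256 signature. The function names and the demo secret `your-256-bit-secret` are assumptions. Note that the header and payload are only Base64URL-encoded, so anyone holding the token can read them; only the signature depends on the secret.

```php
<?php
// Added example, not from the original article: split a JWT, decode it, verify HS256.

function base64UrlDecode(string $data): string
{
    // JWT segments are URL-safe Base64 without padding; restore both first.
    $padded = str_pad(strtr($data, '-_', '+/'), strlen($data) + (4 - strlen($data) % 4) % 4, '=');
    $decoded = base64_decode($padded, true);
    if ($decoded === false) {
        throw new InvalidArgumentException('Segment is not valid Base64URL');
    }
    return $decoded;
}

function inspectJwt(string $token, string $secret): array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('A JWT must have exactly three segments');
    }
    [$header64, $payload64, $signature64] = $parts;

    // Header and payload are plain JSON once decoded; no key is needed to read them.
    $header  = json_decode(base64UrlDecode($header64), true, 512, JSON_THROW_ON_ERROR);
    $payload = json_decode(base64UrlDecode($payload64), true, 512, JSON_THROW_ON_ERROR);

    // Pin the algorithm on the server side; never let the token choose it.
    if (($header['alg'] ?? null) !== 'HS256') {
        throw new UnexpectedValueException('Unexpected signing algorithm');
    }

    // The signature is an HMAC over the two encoded segments exactly as sent.
    $expected = hash_hmac('sha256', $header64 . '.' . $payload64, $secret, true);
    $valid = hash_equals($expected, base64UrlDecode($signature64));

    return ['header' => $header, 'payload' => $payload, 'signature_valid' => $valid];
}

// The sample token shown in the article.
$token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';

// Assumption: 'your-256-bit-secret' is the demo secret jwt.io pairs with this token.
print_r(inspectJwt($token, 'your-256-bit-secret'));

// With any other secret the claims still decode, but the signature check fails.
var_dump(inspectJwt($token, 'not-the-secret')['signature_valid']);
```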

To connect the database to the application, open the .env file in the application root, search for DB_ and update your details. Now install JWT.

composer require tymon/jwt-auth

and run the migrations.

php artisan migrate

Now go to config/app.php and update the providers array.

Tymon\JWTAuth\Providers\LaravelServiceProvider::class,

Also update the aliases array.

'JWTAuth' => Tymon\JWTAuth\Facades\JWTAuth::class,
'JWTFactory' => Tymon\JWTAuth\Facades\JWTFactory::class,

Now publish the package configuration and generate the secret key:

php artisan vendor:publish --provider="Tymon\JWTAuth\Providers\LaravelServiceProvider"
php artisan jwt:secret

This generates the secret key used to sign JWT tokens. Save it to the .env file as JWT_SECRET.
To create a JWT token at login time, let’s make some changes to User.php.

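use Tymon\JWTAuth\Contracts\JWTSubject;

class User extends Authenticatable implements JWTSubject
{
    // ... keep the existing properties of the model ...

    // Value stored in the "sub" claim of the token (the user's primary key)
    public function getJWTIdentifier()
    {
        return $this->getKey();
    }

    // Extra claims to add to the token payload (none here)
    public function getJWTCustomClaims()
    {
        return [];
    }
}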

Now configure the auth guard. Go to config/auth.php.

'defaults' => [
    'guard' => 'api', // update here
    'passwords' => 'users',
],

'guards' => [
    // ... the existing 'web' guard stays as it is ...
    'api' => [ // update here
        'driver' => 'jwt',
        'provider' => 'users',
        'hash' => false,
    ],
],

Now create the migrations for the users and courses tables. First add phone_no to the users table migration file by adding the following line:

$table->string("phone_no", 20);

Then create the courses table migration:

php artisan make:migration CreateCoursesTable

Add the following code to the courses migration file.

<?php

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

class CreateCoursesTable extends Migration
{
    /**
     * Run the migrations.
     *
     * @return void
     */
    public function up()
    {
        Schema::create('courses', function (Blueprint $table) {
            $table->id();
            //$table->integer("user_id")->unsigned();
            $table->unsignedInteger("user_id");
            $table->string("title", 80);
            $table->text("description")->nullable();
            $table->integer("total_videos");
        });
    }

    /**
     * Reverse the migrations.
     *
     * @return void
     */
    public function down()
    {
        Schema::dropIfExists('courses');
    }
}

Now run the migrations again and create the Course model:

php artisan migrate:refresh
php artisan make:model Course

Now put the following code in Course.php

<?php

namespace App\Models;

use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;

class Course extends Model
{
    use HasFactory;

    protected $table = "courses";

    public $timestamps = false;

    // Only these columns may be mass-assigned
    protected $fillable = ["user_id", "title", "description", "total_videos"];
}

Now make the UserController and the CourseController.

php artisan make:controller Api/UserController --model=User
php artisan make:controller Api/CourseController --model=Course

Now define the routes in routes/api.php

use App\Http\Controllers\Api\UserController;
use App\Http\Controllers\Api\CourseController;
use Illuminate\Http\Request;

// public routes
Route::post("register", [UserController::class, "register"]);
Route::post("login", [UserController::class, "login"]);

// routes that require a valid JWT token
Route::group(["middleware" => ["auth:api"]], function () {
    Route::get("profile", [UserController::class, "profile"]);
    Route::get("logout", [UserController::class, "logout"]);

    // course api routes
    Route::post("course-enrol", [CourseController::class, "courseEnrollment"]);
    Route::get("total-courses", [CourseController::class, "totalCourses"]);
    Route::get("delete-course/{id}", [CourseController::class, "deleteCourse"]);
});

Route::middleware('auth:api')->get('/user', function (Request $request) {
    return $request->user();
});

Now let’s add the method definitions in UserController.php

<?php

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\Request;

class UserController extends Controller
{
    // USER REGISTER API - POST
    public function register(Request $request)
    {
        // validation
        $request->validate([
            "name" => "required",
            "email" => "required|email|unique:users",
            "phone_no" => "required",
            "password" => "required|confirmed"
        ]);

        // create user data + save (the password is stored as a bcrypt hash)
        $user = new User();
        $user->name = $request->name;
        $user->email = $request->email;
        $user->phone_no = $request->phone_no;
        $user->password = bcrypt($request->password);
        $user->save();

        // send response
        return response()->json([
            "status" => 1,
            "message" => "User registered successfully"
        ], 200);
    }

    // USER LOGIN API - POST
    public function login(Request $request)
    {
        // validation
        $request->validate([
            "email" => "required|email",
            "password" => "required"
        ]);

        // verify user + token
        if (!$token = auth()->attempt(["email" => $request->email, "password" => $request->password])) {
            // 401 so that clients checking the HTTP status do not treat a failed login as success
            return response()->json([
                "status" => 0,
                "message" => "Invalid credentials"
            ], 401);
        }

        // send response
        return response()->json([
            "status" => 1,
            "message" => "Logged in successfully",
            "access_token" => $token
        ]);
    }

    // USER PROFILE API - GET
    public function profile()
    {
        $user_data = auth()->user();

        return response()->json([
            "status" => 1,
            "message" => "User profile data",
            "data" => $user_data
        ]);
    }

    // USER LOGOUT API - GET
    public function logout()
    {
        auth()->logout();

        return response()->json([
            "status" => 1,
            "message" => "User logged out"
        ]);
    }
}

Register API — POST — http://127.0.0.1:8000/api/register

{"name": "First student", "email": "test@test.com", "phone_no": "1234567891", "password": "123456", "password_confirmation": "123456"}

Login API — POST — http://127.0.0.1:8000/api/login

{"email": "test@test.com", "password": "123456"}

User Profile API — GET — http://127.0.0.1:8000/api/profile

Pass the JWT token in the Authorization header: Authorization: Bearer <token>

User Logout API — GET — http://127.0.0.1:8000/api/logout

Pass the JWT token in the Authorization header: Authorization: Bearer <token>

Now copy the following code to CourseController.php

<?php

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use App\Models\Course;
use App\Models\User;
use Illuminate\Http\Request;

class CourseController extends Controller
{
    // COURSE ENROLLMENT API - POST
    public function courseEnrollment(Request $request)
    {
        // validation
        $request->validate([
            "title" => "required",
            "description" => "required",
            "total_videos" => "required"
        ]);

        // create course object; the owner comes from the token, not from the request body
        $course = new Course();
        $course->user_id = auth()->user()->id;
        $course->title = $request->title;
        $course->description = $request->description;
        $course->total_videos = $request->total_videos;
        $course->save();

        // send response
        return response()->json([
            "status" => 1,
            "message" => "Course enrolled successfully"
        ]);
    }

    // TOTAL COURSE ENROLLMENT API - GET
    public function totalCourses()
    {
        $id = auth()->user()->id;
        $courses = User::find($id)->courses;

        return response()->json([
            "status" => 1,
            "message" => "Total Courses enrolled",
            "data" => $courses
        ]);
    }

    // DELETE COURSE API - GET
    public function deleteCourse($id)
    {
        // look the course up by course id AND the authenticated user's id,
        // so a user can only delete their own courses
        $user_id = auth()->user()->id;
        $course = Course::where([
            "id" => $id,
            "user_id" => $user_id
        ])->first();

        if ($course) {
            $course->delete();

            return response()->json([
                "status" => 1,
                "message" => "Course deleted successfully"
            ]);
        } else {
            return response()->json([
                "status" => 0,
                "message" => "Course not found"
            ], 404);
        }
    }
}

Course Enroll API — POST — http://127.0.0.1:8000/api/course-enrol
Pass the JWT token in the Authorization header.

{"title": "First Course", "description": "Learn laravel api", "total_videos": 1}

Total User Course — GET — http://127.0.0.1:8000/api/total-courses
This endpoint needs a has-many relation between users and courses, so go to User.php and add it.
Pass the JWT token in the Authorization header.

use App\Models\Course;

public function courses()
{
    return $this->hasMany(Course::class);
}

Delete Course — GET — http://127.0.0.1:8000/api/delete-course/{id}, where {id} is the id of the course to delete
Pass the JWT token in the Authorization header.
