Authentication with Laravel Sanctum and Vue
21. Switching to API resources

Transcript

00:00
Let's talk about using API resources rather than the default structure that we get when we install
00:05
a fresh Laravel project. Let's go ahead and sign in and then I'll show you what I mean. So if we head over to our network tab, you'll notice that when we go ahead and perform an action (let's go ahead and sign in again, just to demonstrate this), you can see that the user that we get back has a very specific structure and it reveals quite a lot about what is going on
00:29
in the database. A much better solution is to use API resources. So if we head over to our Laravel app and we open up our API routes, let's have a look at what's happening. In here, this route that we are calling to get the user's information, we're just dumping out the object which is converted into JSON. Let's switch this up for an API resource. So we're going to go ahead
00:52
and make out a resource here and we could just call this user resource, it doesn't matter, and instead of returning this user here, we are going to grab that user resource and we're going to make this, passing that user in. Now, this isn't going to make any difference at the moment, apart from the fact that this data is now going to be wrapped in a data property.
01:14
If we head over to our app and give it a refresh, you see that the name has disappeared. You can see this user request here does contain all this information, but it's now wrapped in data. Now you've got two options: you can either update your client to take into account this data wrapper, or you can disable it altogether. Now I prefer to disable it, so over in the app
01:33
service provider, I'm going to come down to our boot method here and I'm going to access the JSON resource class and I'm going to say without wrapping. So that will just set it back to normal and you can see that we just get exactly the same information. The difference now though is that over in that user resource, we can go ahead and update this. So let's open up the user resource,
01:54
you see by default it just does exactly the same thing as if we were to dump it, gives us JSON back, but we can now go ahead and structure this in a way that makes more sense and doesn't reveal too much. So we could say this ID, we might need the user's ID and we will probably need their name and we might even need stuff like their email address.
02:14
Let's just keep those three in there for now; you can go ahead and add more to this later if you need to. Okay, if we head over and give this a refresh now, let's check out this request and there we go. You can see, first of all, we're sending a lot less data back and also we're not revealing the entire database structure.

Episode summary

In this episode, we're making a big improvement to how our Laravel app handles API responses. Right now, when someone logs in and we get user info from the backend, Laravel just spits out the whole user object as JSON. The problem with this is that it can expose way more data than we want—like every single field from the database. Not ideal!

So, we talk through how to use Laravel's API Resource classes to take control of what we're actually sending back. We first generate a UserResource and switch our route to use this resource for formatting the user data. By default, Laravel wraps the returned data in a data property, which you can either adapt to on the frontend or, as shown here, disable entirely for a flatter response.

After we've set up the resource, we dive into customizing which fields are exposed. Instead of sending the full user object, we just pick out the id, name, and email—nothing else. After making these changes, we check our API response again, and voilà! We’re returning just what we need, no sensitive or extra database fields getting leaked to the client. It's a much safer and cleaner approach for building your API.
