Securing Your Laravel API with Sanctum
Laravel Sanctum handles both SPA cookie authentication and API token auth in one lightweight package. This tutorial covers both approaches, token abilities, expiration, and mobile auth.
Laravel Sanctum is a lightweight authentication package that covers the two most common API authentication scenarios: cookie-based auth for SPAs (Vue, React, Inertia) that live on the same top-level domain as the API (subdomains included), and token-based auth for mobile apps, CLI tools, and third-party integrations. One package, two modes. This tutorial walks through both, then covers token abilities and expiration, which are the features most developers skip until they regret it.

Installation

Sanctum ships with new Laravel applications. For existing projects:

composer require laravel/sanctum
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
php artisan migrate

Mode 1: SPA Cookie Authentication

For a single-page application that lives on the same domain or subdomain as your Laravel API, Sanctum uses standard Laravel session cookies rather than tokens. This is the recommended approach for SPAs because it gives you CSRF protection, automatic session rotation, and browser-standard cookie handling. Con...
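The cookie mode only gives you CSRF protection if the SPA actually performs the two-step handshake: fetch /sanctum/csrf-cookie first, then send the decoded XSRF-TOKEN cookie value back as the X-XSRF-TOKEN header on every non-GET request, with credentials included. The following is an added example, not code from the article or from Sanctum: a browser-style client that runs the exact exchange against a small synchronous stand-in for the Laravel side, so it runs offline. The stand-in models only one session cookie, one CSRF token per session, and Laravel's 419 response on a token mismatch; the host api.example.test, the session ids and the alice@example.test credentials are made up. The third scenario shows why a forged cross-site POST fails even though the victim's cookies are attached.

```javascript
// Added example (not the article's or Sanctum's code): the SPA cookie login flow
// run against a small synchronous stand-in for the Laravel side so it runs
// offline. Hosts, session ids and credentials below are made up.

const API_ORIGIN = "https://api.example.test"; // hypothetical API subdomain
const reply = (status, setCookies = []) => ({ status, setCookies });

function parseCookies(header) {
  return Object.fromEntries(header.split(";").flatMap((part) => {
    const i = part.indexOf("=");
    return i > 0 ? [[part.slice(0, i).trim(), part.slice(i + 1)]] : [];
  }));
}

// Stand-in for Laravel + Sanctum's stateful middleware. A real deployment also
// checks Origin/Referer against SANCTUM_STATEFUL_DOMAINS; that is omitted here.
function createFakeLaravel() {
  const sessions = new Map(); // session id -> { csrf, userId }
  let counter = 0;
  return function fetchImpl(url, init = {}) {
    const { pathname } = new URL(url);
    const method = (init.method || "GET").toUpperCase();
    const headers = init.headers || {};
    const session = sessions.get(parseCookies(headers["Cookie"] || "")["laravel_session"]);

    if (pathname === "/sanctum/csrf-cookie") {
      // Start a session and expose its CSRF token in a cookie the SPA can read.
      const id = "sess" + ++counter;
      const csrf = "tok/" + id + "=="; // contains characters that get URL-encoded
      sessions.set(id, { csrf, userId: null });
      return reply(204, [
        "laravel_session=" + id + "; Path=/; HttpOnly; SameSite=Lax",
        "XSRF-TOKEN=" + encodeURIComponent(csrf) + "; Path=/; SameSite=Lax",
      ]);
    }
    // Non-GET requests need the session cookie AND a matching X-XSRF-TOKEN header;
    // a cross-site form post can supply the first but never the second.
    if (method !== "GET" && (!session || headers["X-XSRF-TOKEN"] !== session.csrf)) {
      return reply(419); // Laravel's "CSRF token mismatch"
    }
    if (pathname === "/login" && method === "POST") {
      const body = JSON.parse(init.body);
      const ok = body.email === "alice@example.test" && body.password === "s3cret"; // constructed user
      if (ok) session.userId = 1;
      return reply(ok ? 204 : 422);
    }
    if (pathname === "/api/orders" && method === "POST") return reply(session.userId ? 201 : 401);
    return reply(404);
  };
}

// Browser-like SPA client: keeps a cookie jar and, as fetch() does with
// credentials: "include", sends it on cross-origin requests to the API.
class SanctumSpaClient {
  constructor(fetchImpl) { this.fetch = fetchImpl; this.jar = {}; }
  request(path, init = {}) {
    const headers = { ...(init.headers || {}) };
    if (init.credentials === "include" && Object.keys(this.jar).length > 0) {
      headers["Cookie"] = Object.entries(this.jar).map(([k, v]) => k + "=" + v).join("; ");
    }
    const res = this.fetch(API_ORIGIN + path, { ...init, headers });
    for (const sc of res.setCookies) Object.assign(this.jar, parseCookies(sc.split(";")[0]));
    return res;
  }
  // Laravel URL-encodes the XSRF-TOKEN cookie; the header must carry it decoded.
  xsrfToken() {
    const raw = this.jar["XSRF-TOKEN"];
    return raw === undefined ? undefined : decodeURIComponent(raw);
  }
  mutate(path, payload) {
    return this.request(path, {
      method: "POST", credentials: "include", body: JSON.stringify(payload),
      headers: { "Content-Type": "application/json", Accept: "application/json",
                 "X-XSRF-TOKEN": this.xsrfToken() },
    }).status;
  }
  login(email, password) {
    this.request("/sanctum/csrf-cookie", { credentials: "include" }); // step 1: get cookies
    return this.mutate("/login", { email, password });                 // step 2: POST with header
  }
}

// Correct sequence, then an authenticated write. -> [204, 201]
function happyPath() {
  const c = new SanctumSpaClient(createFakeLaravel());
  return [c.login("alice@example.test", "s3cret"), c.mutate("/api/orders", { sku: "x1" })];
}

// The classic mistake: POST /login without first calling /sanctum/csrf-cookie. -> 419
function loginWithoutCsrfStep() {
  const c = new SanctumSpaClient(createFakeLaravel());
  return c.request("/login", { method: "POST", credentials: "include", body: "{}" }).status;
}

// A forged cross-site POST: the victim's cookies ride along, but the attacker's
// page cannot read XSRF-TOKEN, so no header is sent and Laravel answers 419. -> 419
function forgedCrossSitePost() {
  const victim = new SanctumSpaClient(createFakeLaravel());
  victim.login("alice@example.test", "s3cret");
  return victim.request("/api/orders", { method: "POST", credentials: "include", body: "sku=x1" }).status;
}
```

Against a real Laravel backend the same three things must hold: the SPA's origin is listed in SANCTUM_STATEFUL_DOMAINS, every request is sent with credentials (cookies) included, and the decoded XSRF-TOKEN value travels in the X-XSRF-TOKEN header on every non-GET request. A 419 from the API is the symptom of any one of them missing, not a credentials problem; axios fills in that header from the cookie for you, while with plain fetch you do it yourself as above.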