Laravel API Boilerplate is a ready-to-use "starting pack" that you can use to build your first API in seconds. As you can easily imagine, it is built on top of the awesome Laravel Framework Version 5.2. A true and complete implementation of REST API using Laravel.
If you are looking for API seed/boilerplate with Laravel 5.3, you can check my another repo at Laravel 5.3 API Seed
It has in-built support for :
- Token based api authentication
- API versioning, throttling, API Docs generation
- Request and Response modifiers, Error Codes and Transformers
It also benefits from three pacakages:
- JWT-Auth - tymondesigns/jwt-auth
- Dingo API - dingo/api
- Laravel-CORS barryvdh/laravel-cors
With a similar foundation is really easy to get up and running in no time. I just made an "integration" work, adding here and there something that I found useful.
Run following commands in Command Prompt
- Redirect to desired directory where you want to place your code
- Run 'git clone https://github.com/iamrutvik/laravel-api-seed-boilerplate.git.' Git for windows Required.
- Rename .env.example to .env file and add your app settings and database settings.
- Run composer install. This will install all vendor dependencies and Laravel Framework.
- Run 'php artisan migrate'. This will run the Migration and will create tables for authentication module.
- Run 'php artisan serve'. This will run Laravel default web server and you can access it using 'http://localhost:8000'.
By default to make the installation process smooth, I have removed storage/ and bootstrap/cache/ folder from .gitignore file. Later You might want to modify your .gitignore file to add them.
Run 'http://localhost:8000/api/auth/signup'
Open a Postman or any utility that can send the HTTP request, and Call 'http://localhost:8000/api/auth/signup'. Specify name, email and password in Form data and send request. You will receive the Auth token in response which you can use to send other API request later.
You can pass this authentication token in request parameter : http://localhost/api/user/cards?token=YOUR_ACCESS_TOKEN
To Perform login, call http://localhost:8000/api/auth/login and specify email and password in Form data.
- Create a controller in app\Api\V1\Controllers and add your logic
- Specify the Route in app\Http\api_routes.php file.
- Use the specified Route in Postman
Done!
As I already told before, this boilerplate is based on dingo/api and tymondesigns/jwt-auth packages. So, you can find many informations about configuration here and here.
However, there are some extra options that I placed in a config/boilerplate.php file.
- signup_fields: you can use this option to specify what fields you want to use to create your user;
- signup_fields_rules: you can use this option to specify the rules you want to use for the validator instance in the signup method;
- signup_token_release: if "true", an access token will be released from the signup endpoint if everything goes well. Otherwise, you will just get a 201 Created response;
- reset_token_release: if "true", an access token will be released from the signup endpoint if everything goes well. Otherwise, you will just get a 200 response;
- recovery_email_subject: here you can specify the subject for your recovery data email;
You can create endpoints in the same way you could to with using the single dingo/api package. You can read its documentation for details.
After all, that's just a boilerplate! :)
I've put an "AuthController" in App\Api\V1\Controllers. It supports the four basic authentication/password recovery operations:
- login();
- signup();
- recovery();
- reset();
In order to work with them, you just have to make a POST request with the required data.
You will need:
- login: just email and password;
- signup: whatever you like: you can specify it in the config file;
- recovery: just the user email address;
- reset: token, email, password and password confirmation;
You can specify your routes in the api_routes.php file, that will be automatically loaded. In this file you will find many examples of routes.
The problem with protected routes as specified in api_routes.php that if one user keeps using login route to generate new token, all previously generated tokens are also active and they can use them which is a breach of API security.
To overcome this issue, You can use newly created token for each request. You can do that by using 'jwt.refresh' middleware, as specified in api_routes.php. So when you send one request you will get another newly generated token in authentication header with response. All previous token will be get invalidated.
When you use recovery() route, it will use default Laravel Password Facade to send email reset link, which in order to send mail uses a template from /resources/views/auth/emails/password.php.
To make the directory structure more API development friendly, I have modified the structure to /resources/views/emails/auth/password.php. Thus you can manage all modules' mails in emails directory, module wise. Though you can configure and change the view path in config/auth.php by setting "email" key. The view file only utilize $token which will be used to reset password using reset() route. Check /resources/views/emails/auth/password.php file for more details.
Every time you create a new project starting from this repository, the php artisan jwt:generate command will be executed.
If you want to enable CORS for a specific route or routes group, you just have to use the cors middleware on them.
Thanks to the barryvdh/laravel-cors package, you can handle CORS easily. Just check the docs at this page for more info.
I currently removed the VerifyCsrfToken middleware from the $middleware array in app/Http/Kernel.php file. If you want to use it in your project, just use the route middleware csrf you can find, in the same class, in the $routeMiddleware array.
I currently made this project for personal purposes. I decided to share it here to help anyone with the same needs. If you have any feedback to improve it, feel free to make a suggestion, or open a PR!
I am planning to improve Responses and want to implement standards from json api. Those who are willing to contribute, can open a PR.
- Implement JSON API Standards from json api
- Implement Swagger 2.0 with annotations. Though, This Package comes with in built support for API Documentation.
