Unlike JWT or Passport API authentication in Laravel, Sanctum provides clean, lightweight API authentication that is simple to set up and simple to use. Laravel ships with Sanctum installed and configured by default, so there is no need to install any package for it.

In this tutorial, we will see how to create an API with authentication in Laravel. We will use Sanctum to create this REST API authentication in a Laravel 10 application. To create this Sanctum authentication, we need the HasApiTokens trait in our User model. Using this trait, we will create a token for API authentication. Let's walk through the Laravel Sanctum API authentication example:


Step 1: Install Laravel 10

First of all, we need a fresh Laravel 10 application. Create one using the command below to start Laravel API authentication with Sanctum.

composer create-project laravel/laravel example-app


Step 2: Connect Database

I am going to use a MySQL database for this Laravel 10 Sanctum API authentication. So connect the database by updating .env like this:




Now run the php artisan migrate command to migrate the database.




Now we need to update the Kernel.php file to use Sanctum. So uncomment the sanctum middleware like below:


'api' => [


Step 3: Create Route

Here, we need to add the routes for this Laravel Sanctum tutorial. So update the API routes file (routes/api.php) like this:



<?php

use Illuminate\Support\Facades\Route;
use App\Http\Controllers\API\AuthController;

Route::controller(AuthController::class)->group(function () {
    Route::post('login', 'login');
    Route::post('register', 'register');
    Route::post('logout', 'logout');
});


Step 4: Create Controller

Now we have to create AuthController to complete our laravel sanctum token tutorial. So run the below command to create a controller:

php artisan make:controller API/AuthController


Now update this controller like this:



<?php

namespace App\Http\Controllers\API;

use App\Models\User;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;

class AuthController extends Controller
{
    public function __construct()
    {
        // Every action except login and register requires a valid Sanctum token.
        $this->middleware('auth:sanctum', ['except' => ['login', 'register']]);
    }

    public function login(Request $request)
    {
        $request->validate([
            'email' => 'required|string|email',
            'password' => 'required|string',
        ]);

        $credentials = $request->only('email', 'password');
        if (Auth::attempt($credentials)) {
            $user = Auth::user();
            return response()->json([
                'user' => $user,
                'authorization' => [
                    // The plain-text token is only available here; the database stores its hash.
                    'token' => $user->createToken('ApiToken')->plainTextToken,
                    'type' => 'bearer',
                ]
            ]);
        }

        return response()->json([
            'message' => 'Invalid credentials',
        ], 401);
    }

    public function register(Request $request)
    {
        $request->validate([
            'name' => 'required|string|max:255',
            'email' => 'required|string|email|max:255|unique:users',
            'password' => 'required|string|min:6',
        ]);

        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => Hash::make($request->password),
        ]);

        return response()->json([
            'message' => 'User created successfully',
            'user' => $user
        ]);
    }

    public function logout()
    {
        // Revoke the user's tokens; without this the bearer token stays valid after logout.
        Auth::user()->tokens()->delete();

        return response()->json([
            'message' => 'Successfully logged out',
        ]);
    }

    public function refresh()
    {
        // Sanctum has no Auth::refresh() (that is a JWT guard method), so rotate
        // by revoking the existing tokens and issuing a new one.
        $user = Auth::user();
        $user->tokens()->delete();

        return response()->json([
            'user' => $user,
            'authorisation' => [
                'token' => $user->createToken('ApiToken')->plainTextToken,
                'type' => 'bearer',
            ]
        ]);
    }
}
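
The login action above issues a token with the default ['*'] abilities and no expiry, and the login route has no dedicated attempt limit. The following is an added example, not part of the original tutorial, showing a variant of the login route that tightens both; the ability name profile:read, the 2-hour lifetime, the 5-per-minute limit and the me route are assumptions chosen for illustration.

```php
<?php
// routes/api.php variant (added example, not the tutorial's code).

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Route;

Route::post('login', function (Request $request) {
    $credentials = $request->validate([
        'email' => 'required|string|email',
        'password' => 'required|string',
    ]);

    if (! Auth::attempt($credentials)) {
        // Same message for unknown e-mail and wrong password.
        return response()->json(['message' => 'Invalid credentials'], 401);
    }

    $user = Auth::user();

    // Scoped, expiring token instead of the default ['*'] abilities with no expiry.
    // Assumed values: one ability and a 2-hour lifetime.
    $token = $user->createToken('ApiToken', ['profile:read'], now()->addHours(2));

    return response()->json([
        'user' => $user,
        'authorization' => [
            'token' => $token->plainTextToken,
            'type' => 'bearer',
            'expires_at' => $token->accessToken->expires_at,
        ],
    ]);
})->middleware('throttle:5,1'); // Assumed limit: 5 attempts per minute per client.

Route::middleware('auth:sanctum')->group(function () {
    // Hypothetical protected route showing an ability check.
    Route::get('me', function (Request $request) {
        // tokenCan() checks the abilities stored with the presented token.
        abort_unless($request->user()->tokenCan('profile:read'), 403);

        return $request->user();
    });
});
```

Sanctum rejects a token once its expires_at has passed, so a leaked token stops working without any cleanup job.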


Now start your server by running php artisan serve and test all API endpoints via Postman like this:



And now see the Postman output:




And look at that Postman output:




Now see the Postman output. Don't forget to add a bearer token with your headers.





After completing this Laravel Sanctum authentication tutorial, I hope you can now create this Sanctum API authentication example in your own Laravel 10 application. I hope this Laravel 10 Sanctum API authentication tutorial will help you.
