In this lesson, we protect our first Laravel API routes using Sanctum.
We separate public routes from protected routes, add the auth:sanctum middleware group, create the /me endpoint, and add a logout endpoint that revokes the current access token.
Then we test everything in Postman.
We prove that the token actually works by calling a protected route with a Bearer token, removing the token to get a 401 Unauthorized response, logging out, and then testing the same token again.
What you will learn in this lesson:
How to separate public and protected API routes
How to use the auth:sanctum middleware
How to create a protected /me endpoint
How Sanctum attaches the authenticated user to the request
How to access the logged-in user with $request->user()
How to create a logout endpoint
How to revoke the current access token
How to test protected routes with Postman
Endpoints created in this lesson:
GET /api/v1/me
POST /api/v1/logout
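The route layout described above, as an added example that is not the course's own code. The AuthController name for the login endpoint and the JSON response shapes are assumptions.

```php
<?php
// routes/api.php (added example; Laravel serves these routes under /api)

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

Route::prefix('v1')->group(function () {
    // Public routes: reachable without a token.
    // Assumption: AuthController::login is a hypothetical name for the
    // login endpoint built in the previous lesson.
    Route::post('/login', [\App\Http\Controllers\AuthController::class, 'login']);

    // Protected routes: auth:sanctum resolves the Bearer token from the
    // Authorization header and rejects the request with 401 if the token
    // is missing, unknown, or already revoked.
    Route::middleware('auth:sanctum')->group(function () {
        // GET /api/v1/me
        // Sanctum has attached the token's owner to the request, so
        // $request->user() is the authenticated user.
        Route::get('/me', function (Request $request) {
            return response()->json(['user' => $request->user()]);
        });

        // POST /api/v1/logout
        // Deletes only the token that authenticated this request; any
        // other tokens issued to the same user remain valid.
        Route::post('/logout', function (Request $request) {
            $request->user()->currentAccessToken()->delete();

            return response()->json(['message' => 'Logged out']);
        });
    });
});
```

When testing in Postman, send the header Accept: application/json so that an unauthenticated request returns the 401 JSON response instead of a redirect attempt.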
Previous lesson:
Create Login Endpoint and Return Sanctum T...
Full course playlist:
Laravel REST API Authentication with Sanctum
Production note:
This course uses AI-assisted narration for clear and consistent audio. All code, explanations, and examples are created, reviewed, and tested carefully before publishing.