2

I have a Laravel application using API token authentication. By default, the user needs to pass the api_token parameter as part of the URL, but I want to change api_token to a custom name parameter like api_key.

Currently the full URL looks like:

https://www.example.com/api/v2/?api_token=something&action=balance

however I want it to look like following:

https://www.example.com/api/v2?api_key=something&action=balance

OR

https://www.example.com/api/v2?key=something&action=balance

My API routes are using a middleware called auth:api, but I am unable to find this middleware to try and change its configuration.

miken32
  • 35,483
  • 13
  • 81
  • 108
Sameel Butt
  • 21
  • 1
  • Were any of the provided answers helpful? You should **upvote** with ▲ _all answers_ that were helpful if you have the reputation to do so. You should then **mark accepted** with ✓ the _one answer_ that best answered your question. [This will mark the question as "closed," and give you some reputation on the site](https://stackoverflow.com/help/someone-answers). If none of the answers were satisfactory, provide feedback with comments, or edit your question to clarify the problem. – miken32 Jan 22 '21 at 14:50

2 Answers2

0

It's been a while since I've done it, but I believe that the auth.guards.api.input_key settings will allow you to specify it. So your auth.php would look partly like this:

<?php

return [
    "guards" => [
        "api" => [
            "driver" => "token",
            "provider" => "users",         // the database table
            "storage_key" => "api_token",  // the database column
            "input_key" => "api_key",      // the query string component
            "hash" => true,
        ],
    ],
];
miken32
  • 35,483
  • 13
  • 81
  • 108
0

you can simply create your own middleware

public function handle($request, Closure $next)
{
    $token = request('key'); //it can be anything 
    if ($token != 'abc') { // this value can be static or can be get from database
        return response([
            'error' => 2,
            'message' => ["Access Denied"]
        ]);
    }
    return $next($request);
}

here you can match with token and allow them certain request

NOTE: it will work on url paramter not headers token for header you need to get token from header

Kamlesh Paul
  • 8,132
  • 1
  • 12
  • 26