i use Laravel passport for auth
in route api.php
Route::get(\'/todos\', function(){
return \'hello\';
})->middleware(\'auth:api\');
Use Postman and set the Header Accept: application/json
otherwise Laravel Passport would never know it's an API client and thus redirect to a /login page for the web.
see below image to see where to set the accept parameter:
Check Your Header Request to put
Authorization = Bearer {your token}
You also have to add another header Key: X-Requested-With and value: XMLHttpRequest
Did you enter above-mentioned URL directly in browser search bar? If you did its wrong way because you also need to enter API token with your request__!!
To check either request includes token or not make your own middleware.
Command to create Middleware
php artisan make:middleware CheckApiToken
https://laravel.com/docs/5.6/middleware
change middleware handle method to
public function handle($request, Closure $next)
{
if(!empty(trim($request->input('api_token')))){
$is_exists = User::where('id' , Auth::guard('api')->id())->exists();
if($is_exists){
return $next($request);
}
}
return response()->json('Invalid Token', 401);
}
Like This Your Url should be like this
http://localhost:8000/api/todos?api_token=API_TOKEN_HERE
In the following of @Eki answer,
This error is because you didn't set "Accept" field in your headers.
To avoid this error, add a middleware with priority to Authenticate to check that:
add an extra middleware with below handler
public function handle($request, Closure $next)
{
if(!in_array($request->headers->get('accept'), ['application/json', 'Application/Json']))
return response()->json(['message' => 'Unauthenticated.'], 401);
return $next($request);
}
set priority in app/Http/Kernel.php
protected $middlewarePriority = [
...
\App\Http\Middleware\MyMiddleware::class, // new middleware
\App\Http\Middleware\Authenticate::class,
...
];
add new middleware to your route
Route::get('/todos', function(){
return 'hello';
})->middleware('MyMiddleware', 'auth:api');
You also have to add another header Key: Accept and value: application/json