API authentication using jwt in Laravel 5.4 tutorial with example

API authentication using jwt in Laravel 5.4 tutorial with example

In this post we will give you information about API authentication using jwt in Laravel 5.4 tutorial with example. Hear we will give you detail about API authentication using jwt in Laravel 5.4 tutorial with exampleAnd how to use it also give you demo for it if it is necessary.

In this example, you will know how to implement api authentication in Laravel 5.4 using JWT with example.

This is very important to implement authentication in web application.

JWT (JSON Web Token) is usually used to send information that can be trusted and verified by means of a digital signature.

Now question is when should you use JSON Web Tokens ?

This is very common scenario for all the web application where you need to set restriction over request, you allow user to access services, resources and interaction with the database with the help of security token and JSON Web Tokens are a best way to transfer information between parties in secure way.

JWT allow these all feature to apply api authentication and normally used in HTTP Authorization headers.

Using JWT is a good way to apply security on your RESTful API services that can be used to enter into your database.

Install the JWT handler package

In this step, I will install the tymon/jwt-auth package for api authentication.

Run following command to install package :

composer require tymon/jwt-auth

Update the config/app.php for JWT package

In this step, I will update the config/app.php to add service provider and their aliase.

'providers' => [
'aliases' => [
	'JWTAuth' => 'TymonJWTAuthFacadesJWTAuth'

Now publish the JWT configuration file, once you have successfully published then you will see a new file created in following path config/jwt.php.

To publish the configuration file in Laravel you need to run following line of code :

php artisan vendor:publish --provider="TymonJWTAuthProvidersJWTAuthServiceProvider"

Now for token encryption, I need to generate a secret key by running following line of code :

php artisan jwt:generate

Add route

In this step, I will define routes for register a new user, login with user credentials and get the authenticated user details by using token.


  1. Route::post('auth/register','UserController@register');
  2. Route::post('auth/login','UserController@login');
  3. Route::group(['middleware'=>'jwt.auth'],function(){
  4. Route::get('user','UserController@getAuthUser');
  5. });
Route::post('auth/register', 'UserController@register');
Route::post('auth/login', 'UserController@login');
Route::group(['middleware' => 'jwt.auth'], function () {
    Route::get('user', 'UserController@getAuthUser');

As you can see in above routes, I used middleware so If successfully authenticated then you will get user details from the database.

The main aspect of this tutorial will be on how I can generate JWTs on the back-end (Laravel) side and obtain them on the front-end and then pass the generated token with each request to the API.

Ok, Now I will create middleware to check if the token is valid or not and also You can handle the exception if the token is expired.

php artisan make:middleware VerifyJWTToken

Using this middleware, you can filter the request and validate the JWT token.

Now open your VerifyJWTToken middleware and put below line of code.


  1. <?php
  2. namespace AppHttpMiddleware;
  3. use Closure;
  4. use JWTAuth;
  5. use TymonJWTAuthExceptionsJWTException;
  6. use SymfonyComponentHttpKernelExceptionUnauthorizedHttpException;
  7. class VerifyJWTToken
  8. {
  9. /**
  10. * Handle an incoming request.
  11. *
  12. * @param IlluminateHttpRequest $request
  13. * @param Closure $next
  14. * @return mixed
  15. */
  16. public functionhandle($request, Closure $next)
  17. {
  18. try{
  19. $user= JWTAuth::toUser($request->input('token'));
  20. }catch(JWTException $e){
  21. if($e instanceof TymonJWTAuthExceptionsTokenExpiredException){
  22. returnresponse()->json(['token_expired'],$e->getStatusCode());
  23. }elseif($e instanceof TymonJWTAuthExceptionsTokenInvalidException){
  24. returnresponse()->json(['token_invalid'],$e->getStatusCode());
  25. }else{
  26. returnresponse()->json(['error'=>'Token is required']);
  27. }
  28. }
  29. return$next($request);
  30. }
  31. }

namespace AppHttpMiddleware;

use Closure;
use JWTAuth;
use TymonJWTAuthExceptionsJWTException;
use SymfonyComponentHttpKernelExceptionUnauthorizedHttpException;

class VerifyJWTToken
     * Handle an incoming request.
     * @param  IlluminateHttpRequest  $request
     * @param  Closure  $next
     * @return mixed
    public function handle($request, Closure $next)
            $user = JWTAuth::toUser($request->input('token'));
        }catch (JWTException $e) {
            if($e instanceof TymonJWTAuthExceptionsTokenExpiredException) {
                return response()->json(['token_expired'], $e->getStatusCode());
            }else if ($e instanceof TymonJWTAuthExceptionsTokenInvalidException) {
                return response()->json(['token_invalid'], $e->getStatusCode());
                return response()->json(['error'=>'Token is required']);
       return $next($request);

The try block in handle method check if requested token is verified by JWTAuth or not if it is not verified then exception will be handled in catch block with their status.

Now register this middleware in your kernal to run during every HTTP request to your application.


 protected $routeMiddleware = [
        'jwt.auth' => AppHttpMiddlewareVerifyJWTToken::class,

Create UserController

In this step, I will create a controller “UserController.php” to register a user and login with the registered user.


  1. <?php
  2. namespace AppHttpControllers;
  3. use IlluminateHttpRequest;
  4. use AppHttpRequests;
  5. use AppHttpControllersController;
  6. use JWTAuth;
  7. use AppUser;
  8. use JWTAuthException;
  9. class UserController extends Controller
  10. {
  11. private $user;
  12. public function__construct(User $user){
  13. $this->user =$user;
  14. }
  15. public functionregister(Request $request){
  16. $user=$this->user->create([
  17. 'name'=>$request->get('name'),
  18. 'email'=>$request->get('email'),
  19. 'password'=>bcrypt($request->get('password'))
  20. ]);
  21. returnresponse()->json(['status'=>true,'message'=>'User created successfully','data'=>$user]);
  22. }
  23. public functionlogin(Request $request){
  24. $credentials=$request->only('email','password');
  25. $token= null;
  26. try {
  27. if(!$token= JWTAuth::attempt($credentials)){
  28. returnresponse()->json(['invalid_email_or_password'],422);
  29. }
  30. }catch(JWTAuthException $e){
  31. returnresponse()->json(['failed_to_create_token'],500);
  32. }
  33. returnresponse()->json(compact('token'));
  34. }
  35. public functiongetAuthUser(Request $request){
  36. $user= JWTAuth::toUser($request->token);
  37. returnresponse()->json(['result'=>$user]);
  38. }
  39. }
namespace AppHttpControllers;

use IlluminateHttpRequest;

use AppHttpRequests;
use AppHttpControllersController;
use JWTAuth;
use AppUser;
use JWTAuthException;
class UserController extends Controller

    private $user;
    public function __construct(User $user){
        $this->user = $user;
    public function register(Request $request){
        $user = $this->user->create([
          'name' => $request->get('name'),
          'email' => $request->get('email'),
          'password' => bcrypt($request->get('password'))
        return response()->json(['status'=>true,'message'=>'User created successfully','data'=>$user]);
    public function login(Request $request){
        $credentials = $request->only('email', 'password');
        $token = null;
        try {
           if (!$token = JWTAuth::attempt($credentials)) {
            return response()->json(['invalid_email_or_password'], 422);
        } catch (JWTAuthException $e) {
            return response()->json(['failed_to_create_token'], 500);
        return response()->json(compact('token'));

    public function getAuthUser(Request $request){
        $user = JWTAuth::toUser($request->token);
        return response()->json(['result' => $user]);

Now let’s check the API response with Postman.

1 : I will first register a user so that i can login with the help of user credentials.

2 : Now I will login with the credentials to get a token :

3 : Now I will hit the api to get user details :

4 : If you pass the invalid token then you will get following response :

Click here to know the use of JWT in Node.js

Generate JWT token after login and verify with Node.js API

Now you can try this REST API Services for authentication with JWT using Laravel 5.4

Label :


Laravel PHP Framework

How To


Web Development

Hope this code and post will helped you for implement API authentication using jwt in Laravel 5.4 tutorial with example. if you need any help or any feedback give it in comment section or you have good idea about this post you can give it comment section. Your comment will help us for help you more and improve us. we will give you this type of more interesting post in featured also so, For more interesting post and code Keep reading our blogs

For More Info See :: laravel And github

Leave a Comment

Your email address will not be published. Required fields are marked *

  +  76  =  83

We're accepting well-written guest posts and this is a great opportunity to collaborate : Contact US