laravel 5.3 Api routes not returning "unauthorized access" error.

1
votes

I'm trying to create an api with laravel 5.3 and I've just created a new fresh Laravel 5.3 project and have added the below route to the routes/api.php file.

Route::get('/',function(){
    return view('welcome');
});

When I hit this url http://localhost/api/ on my browser I was navigated to the default laravel home page of my application.

Now my question is, shouldn't I get an "Unauthorized access" error when I try to access a route in the api.php file without passing a token? Why is laravel letting me navigate to the api route even when I'm not passing a token?

Note: I have not added laravel passport or any other oAuth libraries to the project yet.

1
phplaravellaravel-5
Does the answer work for you? - hogan
Yes it did, Like you said we would have to use a middleware such as auth or a custom one of our own. Thanks for your help. - Sanu Soman
More than welcome - hogan

1 Answers

1
votes

No, Laravel doesn't check those by default when defining routes like that. And thats a good thing because there might be situations where you provide information without the user needing to send a crsf token or authenticate.

What you want is using middleware in your routes. Have a look here: https://laravel.com/docs/5.3/middleware

This will use the specified middleware like 'auth' on certain routes or route groups. i.e.

Route::group(['middleware' => ['auth']], function () {

    Route::post('profile', 'ProfileController@create');
    ....
}

Also see the example on the page with the middlewareGroups 'web'