This Laravel package provides a simple API key authentication mechanism for your Laravel applications. It allows you to protect your API endpoints by validating API keys sent with each request.
- PHP 7.3 or higher
Tested on Laravel ^8.75
You can install this package via Composer:
composer require ibra4/api-key
Next, you should publish the package's configuration file:
php artisan vendor:publish --tag=api_key
Then run migrations
php artisan migrate
This command will publish the api_key.php
configuration file to your config
directory.
After publishing the configuration file, you can modify the settings in config/api_key.php
to fit your application's requirements. This file allows you to define various aspects of API key authentication, such as key length, expiration duration, etc.
- Implement
HasApiKeyInterface
interface - Use
HasApiKey
trait<?php + use Ibra\ApiKey\Interfaces\HasApiKeyInterface; + use Ibra\ApiKey\Traits\HasApiKey; - class User extends Authenticatable { + class User extends Authenticatable implements HasApiKeyInterface { + use HasApiKey; }
To generate an API key, you can use the provided artisan command:
php artisan api_key:generate ibra 1
This command will generate a new API key and associate it with a App\Models\User model with id 1.
Arguments
- client_id: client's name
- id: Model id
- model (optional): Model class name (default: App\Models\User)
- description (optional): Description
To protect your API routes with API key authentication, you can use the simple_api_key
middleware provided by this package. Simply apply this middleware to the routes you want to protect:
Route::middleware('simple_api_key')->get('/api/resource', 'ResourceController@index');
This middleware will verify the API key sent with each request and authenticate the associated user.
You can deactivate an API key using the provided artisan command:
php artisan api-key:deactivate {client_id}
Replace {client_id}
with the API key you want to deactivate.
To remove an API key from the system, you can use the following artisan command:
php artisan api-key:remove {client_id}
Replace {client_id}
with the API key you want to remove.
You can list all API keys stored in the database using the following artisan command:
php artisan api-key:list
This command will display a list of all API keys along with their associated user and status, like.
client_id | description | model | model_id | key | is_active | expires_at | created_at |
---|---|---|---|---|---|---|---|
ibrahim | Hello World | App\Models\User | 2 | 6af97902bfb6f1c15fea8e079babeca731ee9fb04dd08bb7b6efb80baaed1eb6 | 1 | 2024-04-19T18:25:58.000000Z | 2024-03-20T18:25:58.000000Z |
lara | App\Models\Client | 1 | daabe8a2ed4b84f2156a12dca5b29d8aa4b8fbf4b27813aac077bdc654f57c7b | 0 | 2024-04-19T18:33:15.000000Z | 2024-03-20T18:33:15.000000Z |
The ApiKeyMiddleware
included in this package is responsible for authenticating API requests based on the provided API key. It checks the validity and status of the API key and logs in the associated user if the key is valid and active.
Contributions are welcome! If you encounter any issues or have suggestions for improvements, please feel free to open an issue or submit a pull request on GitHub.
This package is open-source software licensed under the MIT license.
This package is developed and maintained by Ibrahim Hammad.
Feel free to add any additional sections or customize the content as per your project's requirements. This README provides a basic overview of the package and its usage.