Routes going through api.php returning unauthorised whereas the same route going through web.php works
I have a page which enables users to create 'folders'. I'm using the function below to getAll folders belonging to each user, so when a user logs in they should see all of their folders but not the folders of other users.
/**
* Retrieve all user folders
*
* @return Response
*/
public function getAll()
{
// notes associated to folder included
return Folder::where('user_id', Auth::user()->id)->get();
}
This is what the vue page used to load all folders looks like:
<template>
<v-app id="inspire">
<v-card v-for="folder in folders" :key="folder.id">
<v-card-text>
Name: {{ folder.name }}
</v-card-text>
</v-card>
</v-app>
</template>
<script>
import { mapState } from "vuex";
export default {
computed: {
...mapState(['folders'])
},
mounted() {
this.$store.dispatch('getAllFolders');
}
};
</script>
This is what the getAllFolders method looks like:
getAllFolders() {
apiClient.get(window.routes['folders.getAll'])
.then(function(response){
console.log(response)
})
.catch(function(error){
console.error(error);
});
},
Adding the route to web.php works and allows for each user to see their relevant folders:
Route::get('folders/get-all', 'FolderController@getAll')->name('folders.getAll');
However adding it to api.php leads to unauthorised errors:
Route::middleware(['auth:api'])->group(function () {
Route::get('folders/get-all', 'FolderController@getAll')->name('folders.getAll');
Route::apiResource('folders', FolderController::class);
});
What might I be doing wrong?
Api routes are stateless, they are designed for requests coming from 3rd parties and will require an auth token, which you can generate using a package like Laravel Sanctum.
See: https://laravel.com/docs/8.x/sanctum#api-token-authentication
If you are doing ajax requests from your own front end then this is adding unneeded complexity. Stick to web.php, which does not apply the api middleware, and add your own prefex so you can tell apart your html and ajax end points. Ie '/data/user_folders'.
- Sendgrid can't receive emails in application
- How do I populate a dropdown options from an ajax response
- How to output geoJSON file from mysql spatial table?
- Array value sum by key value php
- Sum the values of a column in a 2d array
- Group values in an array of single-element arrays by second level key and sum values within each group
- SQL - How to SUM and use WHERE clause on this SUM using 4 tables?
- Merge a flat associative array into another associative array
- How to Migrate and seed before the full test suite in Laravel with in memory database?
- How to get/read the cleanest url into Meta Canonical via PHP?
- Generated image with text always off-center
- Composer Curl error 60: SSL certificate problem: unable to get local issuer certificate
- Ignore html tags in preg_replace
- Rector how to work with IntersectionType?
- How to merge two associative multidimensional arrays
- Merge two multidimensional arrays related by shared subarray column values
- Replace an array's values with the values from a lookup array
- Print grouped data as a single array
- Merge and sum data from two associative multidimensional arrays
- How to access a global variable from within a class constructor
- Why does !func() <= 30 always evaluate as true?
- Excessively long text breaks preg_replace()
- PHP isset() with multiple parameters
- Can strings have a dangling concatenation operator?
- How to check if there are multiple versions of PHP installed on Ubuntu 12.04 LTS?
- php convert datetime to UTC
- Regex used in preg_match() is not finding the expected URLs
- PHP script runs fine locally but in production gives Error 324
- Wordpress TinyMCE plugin install failed
- Receiving data from word press