
Laravel Sanctum: Secure Authentication for APIs and SPAs

Learn how to secure APIs and single-page applications using Laravel Sanctum with token and session authentication.

Jonathan Miller
December 21, 2025

Modern applications often use JavaScript frontends or mobile apps that talk to a backend API. Laravel Sanctum provides a simple way to authenticate these clients.

Sanctum supports two common patterns:

- Cookie-based authentication for SPAs
- Token-based authentication for APIs

## Installing Sanctum

```bash
composer require laravel/sanctum
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
php artisan migrate
```

Add middleware in `app/Http/Kernel.php`.

## Token authentication example

Create a token after login:

```php
// $user is the authenticated user; 'mobile-app' is the token's name.
// plainTextToken is the value the client sends back on later requests.
$token = $user->createToken('mobile-app')->plainTextToken;

return response()->json(['token' => $token]);
```

Use it in requests:

```http
Authorization: Bearer your_token_here
```

## Request flow

```mermaid
flowchart LR
    A[Client Login] --> B[Laravel Auth]
    B --> C[Issue Token]
    C --> D[Client Stores Token]
    D --> E[API Requests]
    E --> F[Sanctum Middleware]
```

Sanctum gives you secure auth without the complexity of OAuth. In the next tutorial, we will intercept requests using middleware.
