I'm quite new to Laravel & I just made an API for my website using API Resources. It fetches all objects from the database, and is able to add new ones using POST/PUT requests.

As for my question, is it correct that everyone is able to make POST/PUT requests and add or update my database rows? If so, how do I prevent such actions from the public?

bhbdhdhj
  • https://laravel.com/docs/5.6/authentication and https://laravel.com/docs/5.6/authorization (and maybe some https://laravel.com/docs/5.6/passport) – ceejayoz Jul 03 '18 at 13:09
  • @ceejayoz Thanks for your reply man. I have to make Ajax requests to those APIs later on within the application, what would be the best option to use? I don't use sensitive data in my API, so it can be public for others to see. However, I don't want them to make POST/PUT requests etc. Would it be enough checking if the request is from my own server? – bhbdhdhj Jul 03 '18 at 13:25
  • It's entirely possible to require authentication only for some routes. Since you're using resource controllers, see https://stackoverflow.com/questions/28729228/laravel-5-route-resources-middleware. – ceejayoz Jul 03 '18 at 13:29
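
An added example, not part of the original question or comments, of requiring authentication only on the write routes of an API resource while the read routes stay public. The resource name `posts` and the controller `PostController` are hypothetical; the `api` guard is the one defined in `config/auth.php`.

```php
<?php
// routes/api.php (Laravel 5.6)
// "posts" and PostController are hypothetical names used for illustration.

use Illuminate\Support\Facades\Route;

// Before: every action of the resource, including the ones that
// create, update and delete rows, is reachable without authentication.
// Route::apiResource('posts', 'PostController');

// After: the read-only actions (GET) remain public.
Route::apiResource('posts', 'PostController')->only(['index', 'show']);

// The actions that modify the database (POST, PUT/PATCH, DELETE)
// sit behind the auth middleware using the "api" guard.
Route::middleware('auth:api')->group(function () {
    Route::apiResource('posts', 'PostController')
        ->only(['store', 'update', 'destroy']);
});
```

Ajax calls are sent from the visitor's browser, so the protected routes depend on the credential the `api` guard checks on each request rather than on where the request appears to come from.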

0 Answers