0

Is there any possible way to generate access Token so that when anyone tries to retrieve data from the API they must pass the token as header to get access to that

I have been searching for it but it every website is showing this->

$user = Auth::user(); 
$success['token'] =  $user->createToken('MyApp')-> accessToken;

There won't be any user for this purpose, When the other website will hit this api with valid header it will atomatically send all the data to that device .....

can anyone help me with this any help would be highly appreciated ....

Swarnadeep
  • 325
  • 1
  • 3
  • 17

1 Answers1

1

Why dont you create a database called token and store multiple token strings.

Then, whenever, a request hits the server it checks for that token is present or not in the https header.

This way you can create multiple tokens and share it with your API partners. However, this is always public so you might want to add security features on it.

Since you dont have users, there will not be a two way handshake such that you will have to keep sending same token on all requests

So my proposal would be use of API Secret keys.

Steps:

  1. Store api keys in database tables
  2. Send API keys in http headder
  3. As soon as the request hits the server check if token is present in the header
  4. IF token is present check if the token matches database records

By the way without a user the api token is not that secured.

Deepesh Thapa
  • 1,721
  • 3
  • 19
  • 29