Maybe I have a thinking error. Maybe not. I want to create an API token for my application.

I want to do the following scenario: I have a Laravel application and now I want to code a mobile app. In the mobile app a user can register. For this I want to have an API token, to prevent everyone from accessing my application without the API token. But everything I found on the web is only an API token for a user. But in the register step I don't currently have a user. So what is the right solution for this? How can I add a general API token? Is there an existing Composer repository, or should I code it on my own?

I need two solutions: a general one for registration and login, and a specific one for access to the Laravel application by a logged-in user.

I read about Laravel Sanctum, but this is always with an existing user.

Thanks for your hints.

iSaBo
  • Does this answer your question? [Restrict API requests to only my own mobile app](https://stackoverflow.com/questions/21465559/restrict-api-requests-to-only-my-own-mobile-app) – Clément Baconnier Jan 15 '22 at 21:04
  • Thanks for your answer. This answers only the question that I need an authentication. I also need a solution specific to Laravel :) – iSaBo Jan 16 '22 at 06:57
  • Laravel or not, the problem remains. This is a client-server issue. You cannot certify that your client will use your mobile app to make the request. The same applies to requests using authentication. What issue are you trying to solve by restricting to only your mobile app? – Clément Baconnier Jan 16 '22 at 08:35
  • I am trying to solve the problem that not any X can do a registration process through the API. Of course I don't have a user and token at this point. I want to prevent that someone wants to harm me and sends X requests to register multiple users. – iSaBo Jan 16 '22 at 10:02
  • _I am trying to solve the problem that not any X can do a registration process through the API._ As I said, you cannot effectively prevent that (see previous link). _I want to prevent that someone wants to harm me and sends X requests to register multiple users._ You can [rate limit](https://laravel.com/docs/8.x/rate-limiting) registration per IP request if you really want to. – Clément Baconnier Jan 16 '22 at 10:23
  • I forgot to mention that by default, [Laravel throttles the API](https://github.com/laravel/laravel/blob/8.x/app/Http/Kernel.php#L44) with 60 requests per minute (IIRC), which already prevents abusive requests. – Clément Baconnier Jan 16 '22 at 14:38
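
The per-IP rate limiting suggested in the comments, sketched for Laravel 8.x as an added example that is not code from the thread or from any participant. The limiter name `register`, the limits of 5 per minute and 20 per day, and `RegisterController` are assumptions chosen for illustration.

```php
<?php
// ---- app/Providers/RouteServiceProvider.php (Laravel 8.x) ----
namespace App\Providers;

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;

class RouteServiceProvider extends ServiceProvider
{
    protected function configureRateLimiting()
    {
        // Default limiter shipped with Laravel 8: 60 requests/minute,
        // keyed by the authenticated user id or, for guests, the client IP.
        RateLimiter::for('api', function (Request $request) {
            return Limit::perMinute(60)
                ->by(optional($request->user())->id ?: $request->ip());
        });

        // Stricter limiter for the unauthenticated registration endpoint.
        // Keys are prefixed so the two windows keep separate counters
        // even though both are segmented by the same IP address.
        RateLimiter::for('register', function (Request $request) {
            return [
                Limit::perMinute(5)->by('minute:' . $request->ip()),   // assumed value
                Limit::perDay(20)->by('day:' . $request->ip()),        // assumed value
            ];
        });
    }
}

// ---- routes/api.php ----
// RegisterController is a hypothetical controller name.
// use App\Http\Controllers\RegisterController;
// use Illuminate\Support\Facades\Route;
//
// Route::post('/register', [RegisterController::class, 'store'])
//     ->middleware('throttle:register');
```

Requests over either limit receive HTTP 429 from the `throttle` middleware. Mobile clients behind carrier NAT can share one public IP, so very low per-IP limits may also block legitimate registrations.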

0 Answers