This complete tutorial walks you through building REST APIs in Laravel. Learn how to structure routes, create controllers, use models, and handle authentication while returning clean JSON responses. Perfect for beginners starting their Laravel API journey.
Table of contents [Show]
In today’s digital world, REST APIs are the backbone of modern applications. From mobile apps to frontend JavaScript frameworks like React or Vue, APIs allow different systems to communicate seamlessly. Laravel, one of the most popular PHP frameworks, provides an elegant way to build REST APIs with minimal effort.
This guide is designed for beginners who want to understand how to build APIs in Laravel. By the end of this tutorial, you’ll be able to build a fully functional REST API capable of handling requests, returning JSON responses, and even handling authentication.
REST (Representational State Transfer) is an architectural style that uses HTTP methods to perform actions on resources. In REST:
First, let’s create a fresh Laravel project:
composer create-project laravel/laravel laravel-api-demoStart the development server:
php artisan serveLaravel comes with API support out of the box. All API routes go into the routes/api.php file.
Open routes/api.php. By default, Laravel uses the /api prefix for API routes.
// routes/api.php
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
Route::get('/hello', function () {
return response()->json(['message' => 'Hello from Laravel API!']);
});
Now visit http://127.0.0.1:8000/api/hello. You’ll see:
{
"message": "Hello from Laravel API!"
}
Let’s build a simple API for managing Books. The API will allow clients to:
php artisan make:model Book -mThis command creates a model Book and a migration file.
// database/migrations/xxxx_xx_xx_create_books_table.php
public function up()
{
Schema::create('books', function (Blueprint $table) {
$table->id();
$table->string('title');
$table->string('author');
$table->integer('year_published');
$table->timestamps();
});
}
Run the migration:
php artisan migratephp artisan make:controller Api/BookController --apiThis creates a controller with methods tailored for API use.
// app/Http/Controllers/Api/BookController.php
namespace App\Http\Controllers\Api;
use App\Http\Controllers\Controller;
use App\Models\Book;
use Illuminate\Http\Request;
class BookController extends Controller
{
public function index()
{
return response()->json(Book::all());
}
public function store(Request $request)
{
$request->validate([
'title' => 'required',
'author' => 'required',
'year_published' => 'required|integer',
]);
$book = Book::create($request->all());
return response()->json($book, 201);
}
public function show($id)
{
return response()->json(Book::findOrFail($id));
}
public function update(Request $request, $id)
{
$book = Book::findOrFail($id);
$book->update($request->all());
return response()->json($book);
}
public function destroy($id)
{
Book::destroy($id);
return response()->json(null, 204);
}
}
// routes/api.php
use App\Http\Controllers\Api\BookController;
Route::apiResource('books', BookController::class);
// app/Models/Book.php
namespace App\Models;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
class Book extends Model
{
use HasFactory;
protected $fillable = ['title', 'author', 'year_published'];
}
You can use tools like Postman, Insomnia, or even curl to test your API.
| HTTP Method | Endpoint | Action |
|---|---|---|
| GET | /api/books | Retrieve all books |
| POST | /api/books | Create a new book |
| GET | /api/books/{id} | Retrieve single book |
| PUT/PATCH | /api/books/{id} | Update a book |
| DELETE | /api/books/{id} | Delete a book |
In real-world applications, you don’t want just anyone to access your API. Laravel provides authentication tools like Sanctum for securing APIs.
composer require laravel/sanctumphp artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"php artisan migrate
// app/Http/Kernel.php
'api' => [
\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
// routes/api.php
Route::middleware('auth:sanctum')->group(function () {
Route::apiResource('books', BookController::class);
});
apiResource for clean routes.Building REST APIs in Laravel is beginner-friendly yet powerful enough for production use. You now know how to create routes, controllers, and models, apply CRUD operations, secure APIs with Sanctum, and test with Postman. With these skills, you can start integrating your APIs into mobile apps, SPAs, or even third-party services.
The more you practice, the more confident you’ll become in designing robust, scalable, and secure APIs with Laravel.
This article is a comprehensive tutorial on using the Prohibited Validation Rules in Laravel. You will learn how to apply prohibited, prohibited_if, and prohibited_unless with clear explanations, real-life scenarios, and code examples. This guide is perfect for developers who want to master advanced validation techniques in Laravel applications.
This detailed tutorial explores request validation in Laravel controllers. You’ll learn multiple techniques—basic controller validation, using form request classes, custom rules, conditional validation, error handling, localization, and best practices. With practical examples, code snippets, and structured explanations, this article is designed for beginners to advance learner.
This guide teaches you how to deploy Laravel applications to production servers. From preparing your environment and configuring Nginx or Apache, to database migrations, caching, performance optimization, CI/CD pipelines, and security practices—this article covers everything step by step.It’s suitable for both beginners and advanced developers who want to ship stable, secure & scalable app.
