
Token management in Laravel

Introduction

Token management helps keep users logged in safely. It controls who can use your app by issuing secret keys called tokens and checking them on each request.

When you want users to log in once and stay logged in securely.
When building APIs that need to check if requests come from real users.
When you want to allow users to log out and stop using their tokens.
When you want to limit how long a user can use a token before it expires.
Syntax
Laravel
<?php
// Create a token for a user
$token = $user->createToken('token-name')->plainTextToken;

// Revoke tokens
$user->tokens()->delete();

Use createToken to make a new token for a user.

Use tokens()->delete() to revoke all of a user's tokens, for logout or for security reasons.

Examples
This makes a new token called 'mobile-app' for the user.
Laravel
<?php
// Create a token named 'mobile-app'
$token = $user->createToken('mobile-app')->plainTextToken;
This logs the user out from all devices by deleting tokens.
Laravel
<?php
// Delete all tokens for the user
$user->tokens()->delete();
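On routes protected by the auth:sanctum middleware, Laravel checks the token on each request automatically. If the token is valid, $request->user() returns the authenticated user.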
Laravel
<?php
// Check token in middleware
if ($request->user()) {
    // User is authenticated
}
Sample Program

This example shows a simple login route that creates a token, a protected route that returns user info if token is valid, and a logout route that deletes tokens.

Laravel
<?php
use Illuminate\Support\Facades\Route;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;

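// Login: verify the credentials, then issue a new token.
Route::post('/login', function (Request $request) {
    $user = App\Models\User::where('email', $request->email)->first();
    // Return the same generic 401 for an unknown email and a wrong password.
    if (! $user || ! Hash::check($request->password, $user->password)) {
        return response()->json(['message' => 'Invalid credentials'], 401);
    }
    // The plain-text token is only available here; the client sends it back as a Bearer token.
    $token = $user->createToken('api-token')->plainTextToken;
    return response()->json(['token' => $token]);
});

// Protected route: auth:sanctum rejects requests without a valid token.
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});

// Logout: delete every token of the user, which logs out all devices.
Route::middleware('auth:sanctum')->post('/logout', function (Request $request) {
    $request->user()->tokens()->delete();
    return response()->json(['message' => 'Logged out']);
});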
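A variant of the sample program's routes, added here as an example and not part of the original page: it gives the token an expiry and a single ability, rate-limits login, and logs out only the current device. It assumes Sanctum 3.x or later (for the expiry argument of createToken) and a User model using the HasApiTokens trait; the device_name field and the profile:read ability name are made up for illustration.

```php
<?php
// Added example: expiring, scoped tokens and single-device logout.
// Assumes Laravel Sanctum 3.x+ and a User model with the HasApiTokens trait.
// 'device_name' and 'profile:read' are illustrative names, not from the page.
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;

Route::post('/login', function (Request $request) {
    // Reject malformed input before touching the database.
    $data = $request->validate([
        'email' => ['required', 'email'],
        'password' => ['required', 'string'],
        'device_name' => ['required', 'string', 'max:100'],
    ]);

    $user = User::where('email', $data['email'])->first();
    if (! $user || ! Hash::check($data['password'], $user->password)) {
        return response()->json(['message' => 'Invalid credentials'], 401);
    }

    // Least privilege: one ability instead of the default ['*'],
    // and a hard expiry so a leaked token stops working after 8 hours.
    $token = $user->createToken($data['device_name'], ['profile:read'], now()->addHours(8));

    return response()->json([
        'token' => $token->plainTextToken, // shown once; only a hash is stored
        'expires_at' => $token->accessToken->expires_at,
    ]);
})->middleware('throttle:5,1'); // at most 5 login attempts per minute

Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    // Sanctum has already rejected missing, revoked and expired tokens here.
    abort_unless($request->user()->tokenCan('profile:read'), 403);
    return $request->user();
});

Route::middleware('auth:sanctum')->post('/logout', function (Request $request) {
    // Revoke only the token used for this request; other devices stay logged in.
    $request->user()->currentAccessToken()->delete();
    return response()->json(['message' => 'Logged out']);
});
```

These routes reuse the paths of the sample program, so they replace its routes rather than sit beside them in the same routes file.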
Important Notes

Tokens should be kept secret like passwords.

Use HTTPS to protect tokens during transfer.

Laravel Sanctum is a simple way to manage tokens in Laravel apps.

Summary

Token management controls user access with secret keys.

Create tokens when users log in and delete them to log out.

Use Laravel Sanctum for easy and secure token handling.