Laravel Basic Authentication with Passport & Dingo API – Setup

Why you might be interested?

  • You might save few hours of googling
  • You care about your users so you don’t want them to be hacked by a 10yo

Our mission

Create a secure API boilerplate which can be consumed by any client (web & mobile app)

Final result

If you want to skip the process here you can find the result:

Let’s start!

The setup is inspired by ChristophSchmidl’s boilerplate available here:

Install Laravel:

Add Dingo API to composer.json (find latest version here:

"require": {     
"dingo/api": "2.0.0-alpha1"

Put Dingo\Api\Provider\LaravelServiceProvider::class into the providers array of config/app.php 

Run php artisan vendor:publish --provider="Dingo\Api\Provider\LaravelServiceProvider"

Put 'DingoApi' => Dingo\Api\Facade\API::class'DingoRoute' => Dingo\Api\Facade\Route::class into aliases array of config/app.php

Update .env file and insert:

Install CORS. Using this you can handle Cross-Origin Resource Sharing headers and OPTIONS requests.

Run: php artisan vendor:publish --provider="Barryvdh\Cors\ServiceProvider"

Make CORS available to all routes. You can change that behaviour by updating app/Http/Kernel.php and put \Barryvdh\Cors\HandleCors::class into your middleware array.

Move the User-model from app into namespace App\Models and adjust all config files (if any) so everything works as before.
In config/auth.php update:

'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\Models\User::class,

Install Passport via composer require laravel/passport
Register PassportServiceProvider by adding Laravel\Passport\PassportServiceProvider::class to the providers array of config/app.php

Run php artisan vendor:publish --tag=passport-migrations to put the default Passport migrations into database/migrations folder.

Run php artisan migrate


If you receive: “Specified key was too long; max key length is 767 bytes”

Open app/Providers/AppServiceProvider.php and inside the boot method set a default string length:

use Illuminate\Support\Facades\Schema;

public function boot() {

We are close

Run php artisan passport:install This command will create the encryption keys needed to generate secure access tokens. In addition, the command will create “personal access” and “password grant” clients which will be used to generate access tokens.

Add Laravel\Passport\HasApiTokens to App\Models\User

Final steps

Thanks to ChristophSchmidl we have some nicely crafted controllers and transformers which we will just describe in few words. You can find them on github.
Under app/Http/Controllers/Api/V1 we create a custom Controller named DingoController which will throw all Laravel exceptions and validation errors to our API responses. You can also find there a LoginController and a RegisterController which validate the input and return the responses.

Under app/Http we have created a folder named Transformers. These are meant to convert your Eloquent objects (eg. User) to a custom JSON which is sent in your API response.

In app/Providers We have DingoExceptionHandlerProvider which handles the HTTP errors related to authentication (eg. 401, 403) and DingoPassportServiceProvider validates the Authorization header.

And finally in routes/api.php you can see some defined routes for Login, Register and Logout.

You’re done!

Thanks for reading by here!

If you have any questions or improvements please let us know in comments section.

Leave a comment

Your email address will not be published. Required fields are marked *