Create a REST API in Laravel
REST APIs empower web applications by allowing different systems to communicate over HTTP. Learn how to create a REST API in a Laravel application with code examples.

A REST API is an architectural style that enables different web applications to communicate with each other using standard HTTP methods. In this post, we are going to build an API in Laravel that supports all commonly used HTTP methods.
How to Create a Laravel REST API?
Laravel is a widely used PHP framework that powers many web applications. It offers features like routing, authentication, validation, API resources, middlewares and a lot more that make it an ideal choice for building secure and scalable APIs. Creating a REST API with Laravel involves a few simple steps, which we are going to implement in this post.
Step 1: Create a Controller, Model and Migration
The first step to our implementation is to create a resource controller, a model and a database migration. We are going to create a model class named Post. The following command can be used to create all three at once.
php artisan make:model Post -mcr
Running the command above will create the following files.
app/Http/Controllers/PostController.php
app/Models/Post.php
database/migrations/xxxx_create_posts_table.php
Step 2: Update the Migration file
Next, we need to update our migration file and add some fields to the database table. Our migration class will only have id, title, content and timestamp fields in the database table.
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
public function up(): void
{
Schema::create('posts', function (Blueprint $table) {
$table->bigIncrements('id');
$table->string('title');
$table->text('content');
$table->timestamps();
});
}
Step 3: Update the Model for API
Next, we update our model class to define which attributes can be updated with mass assignment. Our model class will have the following fields in the $fillable array.
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Model;
class Post extends Model {
protected $fillable = [
'title',
'content'
];
}
Step 4: Create an API Resource
Instead of returning JSON responses, Laravel recommends using API Resources for API responses. We can create a Laravel API Resource for our Post model by running the following command:
php artisan make:resource PostResource
After running the above command, we will update our PostResource class to return the selected data. The content of this class should look something like this:
<?php
namespace App\Http\Resources;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
class PostResource extends JsonResource
{
public function toArray(Request $request): array
{
return [
'id' => $this->id,
'title' => $this->title,
'content' => $this->content,
'created_at' => $this->created_at,
];
}
}
Step 5: Create a Controller for The API
Then, we need a Laravel API controller to handle the API requests and return the API resource response according to the request method. The methods in our PostController are as follows:
- The
index()method will return all posts. - The
show()method will return a single post for the provided post id. - The
store()method will create a single post with the data provided in the request. - The
update()method will update a single post against the providedidof the post and other data to update. - The
delete()method will delete a single post against the provided id of the post.
<?php
namespace App\Http\Controllers;
use App\Http\Resources\PostResource;
use App\Models\Post;
use Illuminate\Http\Request;
class PostController extends Controller
{
// Show all posts
public function index()
{
return PostResource::collection(Post::all());
}
// Show a single post
public function show(Post $post)
{
return new PostResource($post);
}
// Create a post
public function store(Request $request)
{
$validated = $request->validate([
'title' => 'required|max:255',
'content' => 'required',
]);
$post = Post::create($validated);
return (new PostResource($post))
->additional([
'message' => 'Post created successfully.',
]);
}
// Update a post
public function update(Request $request, Post $post)
{
$validated = $request->validate([
'title' => 'required|max:255',
'content' => 'required',
]);
$post->update($validated);
return (new PostResource($post))
->additional([
'message' => 'Updated successfully.',
]);
}
// Delete a post
public function destroy(Post $post)
{
$post->delete();
return response()->json([
'message' => 'Deleted successfully.',
]);
}
}
Step 7: Register API Routes
Now that most of our logic for the API with Laravel is done, we just need to register API routes to send each API request to the specific method of the API controller we just created. The controller will handle the API request based on the request method and return the API response accordingly. We will register the following routes in the routes/api.php file:
Route::get('posts', [PostController::class, 'index']);
Route::get('posts/{post}', [PostController::class, 'show']);
Route::post('posts', [PostController::class, 'store']);
Route::patch('posts/{post}', [PostController::class, 'update']);
Route::delete('posts/{post}', [PostController::class, 'delete']);Step 8: Authenticate API Requests with a Middleware
Now as for the security part, we need to authenticate our API requests. Laravel recommends using Sanctum Authentication because it is lightweight and ideal for SPAs and mobile applications. But we can also create a Laravel Middleware of our own and use it to authenticate our API requests.
Route::middleware('auth:sanctum')->group(function () {
// API routes here
});
Route::middleware('authenticate_api_request')->group(function () {
// API routes here
});Step 9: Test The API
That's it, we just created our first REST API in Laravel along with authentication middleware. We can now use the API with the following URLs, specific HTTP methods and request body:
GET /api/posts
POST /api/posts
GET /api/posts/1
Body:
{
"title": "Post Title",
"content": "Post content."
}
PUT /api/posts/1
Body:
{
"title": "Updated Title",
"content": "Updated content."
}
DELETE /api/posts/1
Laravel offers everything needed for a robust and secure REST API with minimal effort. We just demonstrated how to create a Laravel REST API from scratch, combined with API resources and middleware authentication. Using the code snippets in this post, we can create secure, maintainable, and scalable APIs for web and mobile applications.