Home > Mobile >  Is it safe to delete the default route in api.php in Laravel 8?
Is it safe to delete the default route in api.php in Laravel 8?

Time:11-22

I installed Laravel 8 and found the following route in routes/api.php.

Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});

I will create my own APIs which accept post and return json. Should I remove the default sanctum route? Is it safe to delete it? Or is it dangerous if I don't delete it?

I think it is dangerous if someone accesses /api/user. I don't know what it is.

CodePudding user response:

You can safely delete it. They just included it as an example or not to present you with an empty routes/api.php (not sure which).

Edit: Accessing /user will show the user associated with the bearer token. Sanctum's tokens aren't dependent on the /user route however.

CodePudding user response:

Sacntum is cookie-based session authentication service. This is just an example route that will return the user data if he is logged-in. You can remove it safely without any issues.

It is completely safe to use as well as the user will only be able to access this route if he is already logged in and will only get his user information back not of all the users.

CodePudding user response:

I think it is dangerous if someone accesses /api/user. I don't know what it is.

Yes it is good to remove this example route. On the other hand. Only authenticated User can see the userlist. If you are the only auth user in your application it not so much important if you forget to remove this route.

  • Related