I have developed a laravel web application in which users can create equipment maintenance requests. To do this, they do not need to register. The web application is planned to be used only within the corporate network. Next, I want to add a windows application that will interact with the laravel api. Where users will also be able to create requests. I will separate the created requests in the Windows application according to the MAC address of the computer. There will be no authentication in the Windows application. What is the best way to implement api in laravel? I need to use Laravel Sanctum or Passport? To store one token that will be embedded in a Windows application. In other words, one token for all. Or is it best to create a simple api without authentication?

CodePudding user response：

I think Laravel Sanctum will be better, Laravel Passport is a full OAuth2 server implementation, and OAuth2 is useful for third-party and limited access API. which means it provides more control and a standard way to deal with API

you can check

https://laravel.com/docs/9.x/passport#passport-or-sanctum

https://datatracker.ietf.org/doc/html/rfc6749

I hope it's helpful

CodePudding user response：

You're talking a couple things here. On the Laravel side of things this is easy. Just do a stock public API. Create a middleware for your api routing then always use the MAC Address as the 3rd segment of the endpoint.

http(s)://mylocalurl.local/api/name-of-api/macaddy/dostuff

Now you know what computer/device is hitting your endpoint every time. You can then do logic like if it isn't in the approved list of MAC Addy give them 0 info. I'm guessing the from the windows application they will never see the endpoint url anyway since you will be returning JSON data? Anyway, that is the only thing unique about the connections so you will be able to tell who it is, when they hit the endpoint and what should be done when they hit it.