Building REST APIs with Laravel
In the modern web development ecosystem, delivering data through a REST API is a standard requirement for Backend Developers. Laravel provides a complete set of tools to build APIs that are not only functional but also scalable and easy to maintain.
This article covers the essential steps to building a REST API using Laravel, from routing structures to output standardization.
1. API Architecture Preparation
Before writing code, it is crucial to understand that a good API should follow RESTful principles. In Laravel, we focus on the following components:
- Routes: Located in routes/api.php to separate Web and API logic.
- Controllers: Where business logic and data coordination are managed.
- Eloquent Models: Object representation of your database tables.
- API Resources: A transformation layer to standardize JSON response formats.
2. Implementing Routing
Laravel separates web and API routes by default. All routes defined in api.php automatically receive the /api prefix and utilize the api middleware group, which is stateless.
use App\Http\Controllers\Api\ProjectController;
use Illuminate\Support\Facades\Route;
// Using apiResource for standard CRUD endpoints
Route::apiResource('projects', ProjectController::class);
3. Standardizing Responses with API Resources
One of the best practices is to avoid returning Eloquent models directly as JSON. Using Eloquent Resources allows you to map data according to the client's needs without exposing sensitive or unnecessary database columns.
Create a resource using Artisan:
php artisan make:resource ProjectResource
Example of data transformation within ProjectResource.php:
public function toArray($request)
{
    return [
        'id' => $this->id,
        'project_name' => $this->title,
        'summary' => $this->description,
        'published_at' => $this->created_at->format('d-M-Y'),
    ];
}
4. Strict Data Validation
To keep your Controllers clean (the Slim Controller approach), use Form Requests to handle input validation logic.
php artisan make:request StoreProjectRequest
Inside your Controller:
public function store(StoreProjectRequest $request)
{
    // The incoming request is already validated at this point
    $validated = $request->validated();
    $project = Project::create($validated);
    return new ProjectResource($project);
}
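What the generated StoreProjectRequest could contain, shown as an added example that is not part of the original article. It assumes the title and description columns used in the ProjectResource example and an authenticated user (for example via Sanctum); the length limits are illustrative.

```php
<?php

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;

class StoreProjectRequest extends FormRequest
{
    /**
     * Authorization is checked before validation; returning false
     * makes Laravel respond with 403.
     * Assumption: any authenticated user may create a project.
     */
    public function authorize(): bool
    {
        return $this->user() !== null;
    }

    /**
     * Only keys that have a rule here are returned by
     * $request->validated(), so extra fields a client sends
     * (for example "id" or "user_id") never reach Project::create().
     */
    public function rules(): array
    {
        return [
            // Column names assumed from the ProjectResource example.
            'title'       => ['required', 'string', 'max:255'],
            'description' => ['nullable', 'string', 'max:5000'],
        ];
    }
}
```

Project::create() still requires these keys to be listed in the model's $fillable property, which acts as a second allow-list behind the validation rules.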
5. Security and Authentication
For secure APIs, Laravel provides Sanctum. It is a featherweight authentication system for SPAs, mobile applications, and simple token-based APIs.
Key considerations for production environments:
- Rate Limiting: Protect your API from abuse using the throttle middleware.
- CORS Configuration: Ensure your Cross-Origin Resource Sharing policies are correctly configured in config/cors.php.
- Environment Consistency: Whether using Laravel Herd locally or Docker in production, ensure your .env keys are properly secured.
Conclusion
Building REST APIs with Laravel offers high efficiency thanks to its built-in features. By separating the presentation layer (Resource) from the data layer (Model), you create applications that are more robust, maintainable, and easier to test.
Muhammad Fauzun Naja
Backend Developer sharing insights about Laravel, PHP, and DevOps.