Support the ongoing development of →
Authentication Security Validation
Last updated 1 year ago.


if (Auth::attempt(['email' => $email, 'password' => $password])) {
            // Authentication passed...
            return redirect()->intended('dashboard');

or simply

$user = User::find(1);



@astroanu Thank you very much.. sorry for bad english. I intent to create a web API app, in order to secure every API call, i want to create a simple authentication layer. I already read about this at the resource :

this kind ( onceBasic ) of authentication method is fit my needs, but what i am trying to do is, i want to authenticate the email and password without checking in to my database, i want to hardcode that credential. I created a middleware and implemented OnceBasic, but it makes have to create User table that i really don't needed to.

so i am thinking how to create a middleware with similar Oncebasic method but without checking the credential into my database, but just validate it with hardcoded credential. But i really stuck, where and how i have to do this.

thank you for reply,




oh now i get it..

You can write the api without authentication. Ditch the user table. Add a password from server side (from apache). "Authorization: Basic",

When you send a request to the api it will then ask for the password. When calling the API you can pass the password and the username required by apache using curl.. something like this

This method will work for you unless you need to connect the user in session with the data you fetch from the API.


@astroanu, thank you very much. I already figure out how to solve this problem. I am still using the middleware i created, and make a little modification into this :


namespace App\Http\Middleware;

use Auth;
use Closure;

class MyAuth
    public function handle($request, Closure $next)

        if (!$this->basic_validate($request->header('PHP_AUTH_USER'), $request->header('PHP_AUTH_PW'))) {
            $data = ['error' => ['message' => 'Not Found', 'status_code' => 404]];
            return response()->json($data, 404, array(), JSON_PRETTY_PRINT);
        return $next($request);

    private function basic_validate($user, $password)
        if ($user == 'vidy' && $password == 'pvidy') {

            return true;

        return false;


However i still needs some enhancement, i think laravel already provided really helpful way to solve my problem, but i still doesn't find out how, temporarily i am using this, because i need a quick solution to make a progress. But i hope someone kindly share with me.

thank you very much.




hmm..this would also work. however i guess you just need some sort of authentication (that is secure) that would work with the API request but, later you might use the actual user table to authenticate ?

then reconsider the above flow i described. That way if you later decide to authenticate with the User model you just need to remove the Basic Authentication from apache and add Basic Authentication from Laravel using a middleware. You won't need to change your client's code.

Also instead of returning a 404 which is "not found", it's good to send a 401 "Unauthorized" or a 403 "Forbidden"

Last updated 7 years ago.

@astroanu thank you my friend, yes indeed, if i need to use actual table later, i will make some changes at my routes.php, apply basic auth middleware into my route.

thank you my friend.


Sign in to participate in this thread!


Your banner here too?


We'd like to thank these amazing companies for supporting us

Your logo here?

The Laravel portal for problem solving, knowledge sharing and community building.

© 2023 - All rights reserved.