Laravel Authentication Security

Hi, I am developing a SPA with Laravel and Vue and using Sanctum cookie-based authentication for the SPA (same domain for backend and front end). I have all my API endpoints in the api routes file, and am planning to make the API available to third parties down the line. I have come across the following scenario.

There is an API route to save data from a contact form on the SPA, and the users DO NOT need to be logged in to use the contact form (imagine a public-facing "Contact Us" page where any unauthenticated user can use the form to post a message). So any visitor should be able to use the form (hence consume the API without authenticating) from within the hosted domain. However, I need to protect this endpoint from third-party unauthorised use (from outside the hosted domain), hence I need to protect it at app access level. I cannot assign sanctum:auth middleware to the endpoint route as it will then force the end user to log in to the system to use this form from within the hosted domain. I can protect this endpoint at app level using a token-based approach (as if I am using a third-party API backend), but I am wondering if the cookie-based approach in Sanctum has a solution to this. I am sure there has to be a quick and easy solution to this in Sanctum SPA cookie-based auth as this is a very common scenario. Any help is much appreciated. I have done an extensive search online, but cannot find a solution. Happy to share the code if needed. Many thanks once again.

Last updated 3 years ago.
