API Testing Blog

Integrating Laravel Passport with Postman for API Testing

Postman is a powerful tool for API testing and development. Laravel Passport is a robust OAuth2 server implementation that adds authentication to your Laravel applications. Combining these two can streamline your API testing process.

1. Setting up Laravel Passport

  1. Install Laravel Passport:

    composer require laravel/passport
  2. Publish Passport configuration:

    php artisan vendor:publish --provider="Laravel\Passport\PassportServiceProvider"
  3. Generate Passport keys:

    php artisan passport:install
  4. Configure your authentication middleware: In app/Http/Kernel.php, add the following to the $middleware array:

    protected $middleware = [
        // ...
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
        \Illuminate\Auth\Middleware\Authenticate::class,
        \Illuminate\Session\Middleware\AuthenticateSession::class,
        \Illuminate\Routing\Middleware\ThrottleRequests::class,
        \Illuminate\Foundation\Http\Middleware\VerifyCsrfToken::class,
    ];
  5. Create a user (if you don’t have one):

    php artisan tinker
    >>> App\User::create([
        'name' => 'Test User',
        'email' => 'test@example.com',
        'password' => bcrypt('password'),
    ]);
    >>> exit

2. Configuring Postman

  1. Create a new Postman Collection: This will help organize your API requests.

  2. Add a new request:

    • Name: Give your request a descriptive name.
    • Method: Choose the HTTP method (GET, POST, PUT, DELETE, etc.)
    • URL: Enter your API endpoint URL (e.g., http://localhost:8000/api/users)
  3. Authorization Tab:

    • Select OAuth 2.0 from the drop-down menu.
  4. OAuth 2.0 Configuration:

    • Grant Type: password
    • Token Name: access_token
    • Token URL: http://localhost:8000/oauth/token (replace with your app’s URL)
    • Client ID: The client ID you created in your Laravel Passport setup
    • Client Secret: The client secret you created in your Laravel Passport setup
    • Scope: * (for all scopes) or a specific scope if you’ve defined them in your Laravel Passport configuration.
  5. Request Headers:

    • Authorization: Bearer {{access_token}}
  6. Body:

    • If your API endpoint requires data, add the necessary parameters in the Body section.

3. Obtaining an Access Token

  1. Create a new request to http://localhost:8000/oauth/token (your token URL):

    • Method: POST
    • Headers:
      • Content-Type: application/x-www-form-urlencoded
    • Body:
      • grant_type: password
      • client_id: Your Laravel Passport client ID
      • client_secret: Your Laravel Passport client secret
      • username: test@example.com (your test user’s email)
      • password: password (your test user’s password)
  2. Send the request: You’ll receive a response containing the access token.

  3. Save the access token:

    • Click on the Authorization tab of your request.
    • Select Get New Access Token.
    • In the Token field, paste your retrieved access token.
    • Save the token: Click the save button.

4. Testing API Endpoints with your Access Token

Now you can use the saved access token to test your protected API endpoints:

  1. Set the Authorization header: In your Postman request, ensure the Authorization header is set to Bearer {{access_token}}.

  2. Send requests: Send requests to your API endpoints as usual. Your access token will authenticate them.

Example: Fetching User Data

API Endpoint (Laravel):

routes/api.php
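use Illuminate\Http\Request;

// Requests without a valid access token are rejected by the auth:api middleware.
Route::middleware('auth:api')->get('/user', function (Request $request) {
    return $request->user();
});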

Postman Request:

  • Method: GET
  • URL: http://localhost:8000/api/user
  • Authorization: Bearer {{access_token}}

Postman Response:

{
    "id": 1,
    "name": "Test User",
    "email": "test@example.com",
    "email_verified_at": null,
    "created_at": "2023-04-20T14:17:30.000000Z",
    "updated_at": "2023-04-20T14:17:30.000000Z"
}

5. Using Environment Variables for Secure Credentials

To keep your sensitive information (client ID, client secret) secure, consider using Postman’s environment variables:

  1. Create an environment:

    • Go to the Postman Environments section.
    • Click on Add Environment.
    • Name your environment (e.g., LaravelAPI).
  2. Add variables:

    • Add variables for your client_id and client_secret.
    • Set the variable values to match your Laravel Passport credentials.
  3. Use environment variables in your requests:

    • Instead of hardcoding the credentials in your Postman requests, replace them with the environment variable names (e.g., {{client_id}}, {{client_secret}}).
  4. Select the environment:

    • Before sending requests, ensure you’ve selected the LaravelAPI Environment in the top-right corner of Postman.
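
The token request from section 3 and the environment variables from section 5 can be combined in a pre-request script, shown here as an added example that is not part of the original article: it reads the credentials from the selected environment, requests a token only when the stored one is missing or close to expiry, and writes it to access_token so that Bearer {{access_token}} resolves. The variable names token_url, username, password and access_token_expires_at are assumptions; client_id, client_secret and access_token are the names used above.

```javascript
// Added example: Postman pre-request script (not from the original article).
// Assumed environment variables: token_url, username, password,
// access_token_expires_at. The other names come from the article.
function needsNewToken(env, nowMs) {
  const expiresAt = Number(env.get('access_token_expires_at') || 0);
  // Refresh 30 s early so no request goes out with a token about to expire.
  return !env.get('access_token') || nowMs >= expiresAt - 30000;
}

function tokenRequest(env) {
  // Fail loudly on a missing variable instead of sending an empty credential.
  const field = (key) => {
    const value = env.get(key);
    if (!value) throw new Error(`environment variable "${key}" is not set`);
    return { key, value };
  };
  return {
    url: field('token_url').value,
    method: 'POST',
    header: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: {
      mode: 'urlencoded',
      urlencoded: [
        { key: 'grant_type', value: 'password' },
        field('client_id'), field('client_secret'),
        field('username'), field('password'),
      ],
    },
  };
}

function storeToken(env, status, json, nowMs) {
  if (status !== 200 || !json.access_token || !/^bearer$/i.test(json.token_type || '')) {
    // Report only the OAuth error code, never the request or response body.
    throw new Error(`token request failed: HTTP ${status} ${json.error || ''}`.trim());
  }
  env.set('access_token', json.access_token);
  env.set('access_token_expires_at', String(nowMs + (json.expires_in || 0) * 1000));
}

// Runs only inside Postman, where the global `pm` exists.
if (typeof pm !== 'undefined' && needsNewToken(pm.environment, Date.now())) {
  pm.sendRequest(tokenRequest(pm.environment), (err, res) => {
    if (err) throw err;
    storeToken(pm.environment, res.code, res.json(), Date.now());
  });
}
```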

Conclusion

By combining the power of Postman and Laravel Passport, you can seamlessly test your API endpoints while maintaining secure authentication. Follow these steps to get started and create a smooth testing workflow.
