Is ApiGuard still maintained for Laravel?

No, ApiGuard is no longer maintained. The README clearly states that Laravel 5.8+ has built-in API authentication, and Laravel Sanctum is the recommended alternative for newer versions.

How do I generate an API key with ApiGuard?

Use the Artisan command `php artisan api-key:generate` or link it to a model with options like `--id=1 --type='App\User'`. The README provides step-by-step examples for both basic and polymorphic key generation.

ApiGuard vs Laravel Sanctum: which should I use?

For modern Laravel projects, Sanctum is superior as it's officially maintained, supports API tokens and SPA authentication, and integrates better with Laravel's ecosystem. ApiGuard is only suitable for legacy systems on older Laravel versions.

Can ApiGuard handle JSON Web Tokens (JWT)?

No, ApiGuard is designed specifically for API key authentication. For JWT support, you would need a dedicated package like tymon/jwt-auth or use Laravel Passport for OAuth-based token authentication.

How to secure API routes using ApiGuard middleware?

Attach the `auth.apikey` middleware to your routes in Laravel's route files, such as in routes/api.php. The README shows examples like `Route::middleware(['auth.apikey'])->get(...)` for quick protection.

Is ApiGuard compatible with Laravel 8 or 9?

ApiGuard was last updated for Laravel 5.3 to 5.5. Using it with Laravel 8 or 9 is not recommended and may cause conflicts, as Laravel has introduced significant changes and native authentication solutions since then.

Open-Awesome

ApiGuard

MITPHPv3.1.2

A Laravel package for authenticating RESTful APIs with API keys, featuring built-in transformers and validation.

GitHub

694 stars141 forks0 contributors

What is ApiGuard?

ApiGuard is a Laravel package designed to authenticate RESTful APIs using API keys. It provides middleware to protect routes, tools for generating and managing keys, and integrates with Fractal for standardized JSON responses. It solves the need for a simple, integrated API authentication solution in Laravel applications before native features were available.

Target Audience

Laravel developers building RESTful APIs that require API key-based authentication, especially those using Laravel versions prior to 5.8.

Value Proposition

Developers chose ApiGuard for its ease of integration, built-in support for transformers and validation error handling, and polymorphic key management linking API keys to models like users.

Overview

A simple way of authenticating your RESTful APIs with API keys using Laravel

Use Cases

Best For

Securing Laravel REST APIs with API key authentication
Generating and managing API keys linked to user models
Standardizing JSON API responses using Fractal transformers
Handling API validation errors with consistent JSON formats
Adding API key middleware to Laravel route groups
Migrating from older Laravel API authentication solutions

Not Ideal For

Projects using Laravel 5.8 or later, where native API authentication or Sanctum is available
Teams needing ongoing maintenance, security updates, or modern framework compatibility
Applications requiring OAuth 2.0, JWT, or multi-factor authentication methods
New developers who should learn current Laravel best practices instead of deprecated packages

Pros & Cons

Pros

Polymorphic Key Linking

API keys can be attached to multiple models using the Apikeyable trait, enabling flexible associations for users or other entities without custom code.

Built-in Fractal Support

Integrates seamlessly with Fractal transformers to deliver standardized, customizable JSON API responses, as demonstrated in the controller examples.

Easy Route Protection

Middleware like auth.apikey allows quick securing of API routes with minimal configuration, shown in the README with simple route definitions.

Artisan Key Management

Includes commands such as api-key:generate for creating and managing API keys from the console, streamlining setup and administration.

Cons

Deprecated and Unmaintained

The package is explicitly no longer maintained, with the author recommending Laravel's native features or Sanctum, posing risks for security and compatibility.

Limited Authentication Scope

Focuses only on API key authentication, lacking support for modern methods like OAuth or JWT, which restricts its use in complex security scenarios.

Dependency on External Libraries

Relies on third-party packages like Fractal and api-response, adding potential compatibility issues and learning overhead beyond core Laravel.

Frequently Asked Questions

Related Projects

LiveWire

A full-stack framework for Laravel that takes the pain out of building dynamic UIs.

Stars23,530

Forks1,739

Last commit4 days ago

Debug Bar

Debugbar for Laravel (Integrates PHP Debug Bar)

Stars19,246

Forks1,605

Last commit5 days ago

IDE Helper

IDE Helper for Laravel

Stars14,933

Forks1,191

Last commit1 month ago

Intervention Image

PHP Image Processing

Stars14,346

Forks1,493