Basic Security
When it comes to API security, think of it not as a threat but as an opportunity—a chance to build robust, multilayered defenses around your API. Laravel 11 has some fantastic built-in features to make your API safer, but there are also extra layers you can implement, including authentication, authorization, and advanced security headers. Now we'll walk through adding these layers to your Laravel API, making sure you're covered from top to bottom. This isn't a one-size-fits-all solution, but rather a foundational approach you can build upon as your API grows.
Authentication – The First Line of Defense
Before users can access any API functionality, they need to be authenticated. Laravel 11 simplifies this with enhanced authentication tools. You can set up multi-factor authentication (MFA) and require email verification, adding essential layers of protection to your API. Want to dive deeper into authentication? Check out Laravel's official documentation.
Authorization – Controlling User Access
Once a user is authenticated, the next step is to ensure they can only perform actions on resources they own. Laravel’s policies and gates allow you to control this with precision. Whether it’s creating, modifying, or deleting data, authorization ensures that users manage their own data and nothing more. You can learn more about Laravel's authorization policies in the official docs.
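As an added illustration (not code from the course), an ownership policy might look like the following. The `Service` model and its `user_id` column are hypothetical stand-ins for whatever resource your API exposes.

```php
<?php

namespace App\Policies;

use App\Models\Service; // hypothetical Eloquent model with a user_id column
use App\Models\User;
use Illuminate\Auth\Access\Response;

final class ServicePolicy
{
    public function view(User $user, Service $service): Response
    {
        return $this->ownedBy($user, $service);
    }

    public function update(User $user, Service $service): Response
    {
        return $this->ownedBy($user, $service);
    }

    public function delete(User $user, Service $service): Response
    {
        return $this->ownedBy($user, $service);
    }

    /**
     * Single ownership rule shared by every ability, so a new ability
     * cannot be added without going through the same check.
     */
    private function ownedBy(User $user, Service $service): Response
    {
        // Answer 404 instead of 403 so the response does not confirm
        // that a record with this ID exists under another account.
        return $service->user_id === $user->id
            ? Response::allow()
            : Response::denyAsNotFound();
    }
}

// In a controller action (Laravel finds App\Policies\ServicePolicy for
// App\Models\Service by naming convention):
//     Gate::authorize('update', $service);
```

Because `Gate::authorize()` throws when the policy denies, the controller body after that call only ever runs for the owner.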
Adding Security Headers
Now, let's talk about hardening your API even further. This is where security headers come into play. By adding headers, you protect against common attacks like cross-site request forgery (CSRF), cross-site scripting (XSS), and SQL injection. Headers are instructions to the client, so treat them as an extra layer on top of server-side input validation and parameterized queries, not a replacement for them. At Treblle, we've developed a package called Treblle Security Headers. It’s easy to use and integrates smoothly with your Laravel 11 API. Here’s how to get started:
Step 1 - Install Treblle Security Headers
First, you'll need to require the package in your project:
composer require treblle/security-headers
Step 2 - Publish the Configuration
After installation, publish the configuration file:
php artisan vendor:publish --tag=treblle-security
This will allow you to customize the headers to fit your API’s needs.
Step 3 - Customize the Headers
Once the configuration is published, you can start tweaking the settings. For example, you can enable Strict Transport Security (HSTS), enforce a Referrer Policy, or add Content-Type options.
Here’s a quick breakdown of some useful headers to add:
- Strict-Transport-Security: Forces users to interact with your site over HTTPS.
- Content-Security-Policy: Helps prevent XSS by specifying where scripts and resources can be loaded from.
- Referrer-Policy: Controls how much information about the referring page is sent with requests.
For more information on these headers, check out MDN’s guide on HTTP security headers.
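To make the effect of these headers concrete, here is a hand-written middleware that sets them. It is an added example, not the source of the Treblle package or its configuration format; the class name `ApiSecurityHeaders` and the header values are assumptions chosen for a JSON-only API.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

// Hypothetical middleware name; not part of treblle/security-headers.
final class ApiSecurityHeaders
{
    /** Example values for an API that returns JSON only. */
    private const HEADERS = [
        // A JSON API serves no scripts, styles or frames, so the policy
        // can deny every resource type and forbid being framed.
        'Content-Security-Policy' => "default-src 'none'; frame-ancestors 'none'",
        // Never leak API URLs (which may contain IDs) to other origins.
        'Referrer-Policy' => 'no-referrer',
        // Stop browsers from guessing a different content type.
        'X-Content-Type-Options' => 'nosniff',
    ];

    public function handle(Request $request, Closure $next): Response
    {
        $response = $next($request);

        foreach (self::HEADERS as $name => $value) {
            $response->headers->set($name, $value);
        }

        // Browsers ignore HSTS received over plain HTTP, so only send it
        // on TLS requests. Behind a TLS-terminating proxy, isSecure()
        // is only accurate when trusted proxies are configured.
        if ($request->isSecure()) {
            $response->headers->set(
                'Strict-Transport-Security',
                'max-age=31536000; includeSubDomains'
            );
        }

        return $response;
    }
}

// Registration in bootstrap/app.php (Laravel 11):
//     ->withMiddleware(function (Middleware $middleware) {
//         $middleware->api(append: [\App\Http\Middleware\ApiSecurityHeaders::class]);
//     })
```

Whichever way the headers are set, `curl -sI` against an endpoint shows whether they actually reach the client after any proxy or CDN in front of the application.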
Rate Limiting – Stopping Abuse in Its Tracks
Another essential layer of API security is rate limiting, which helps prevent abuse from bots or malicious users. Laravel 11 provides an easy way to throttle requests, ensuring that no user can overwhelm your API with too many requests in a short time. Learn more about rate limiting in Laravel's documentation.
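The sketch below is an added example, not code from the course, showing named rate limiters defined in `AppServiceProvider`. The limits, the `login` limiter and the route names in the comments are assumptions to adapt to your own traffic.

```php
<?php

namespace App\Providers;

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // General API traffic: count per account when authenticated,
        // otherwise per client IP with a tighter budget.
        RateLimiter::for('api', function (Request $request) {
            $user = $request->user();

            return $user
                ? Limit::perMinute(120)->by('user:'.$user->id)
                : Limit::perMinute(30)->by('ip:'.$request->ip());
        });

        // Login attempts: one budget per source IP and a smaller one
        // per targeted account, so guesses against a single account
        // are slowed even when they arrive from many addresses.
        RateLimiter::for('login', function (Request $request) {
            $email = strtolower((string) $request->input('email'));

            return [
                // Distinct key prefixes keep the two counters separate.
                Limit::perMinute(20)->by('ip:'.$request->ip()),
                Limit::perMinute(5)->by('login:'.$email),
            ];
        });
    }
}

// routes/api.php (route and controller names are hypothetical):
//     Route::middleware('throttle:api')->group(function () { /* ... */ });
//     Route::post('/login', LoginController::class)->middleware('throttle:login');
```

When a limit is exceeded Laravel answers with HTTP 429 and a `Retry-After` header, which well-behaved clients can use to back off.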
Additional Security Layers
Beyond headers and rate limiting, consider additional security measures such as:
- Encryption: Ensuring sensitive data is always encrypted.
- Password Hashing: Protecting user passwords with secure hashing algorithms.
- Email Verification: Requiring users to verify their email before granting full access.
All of these are easy to implement with Laravel 11. Explore the Laravel security documentation to get the most out of these features.
Final Thoughts
Securing your API isn’t a one-time task. It's a continuous process of adding layers and refining your approach. With Laravel 11, you have powerful tools at your disposal to protect your API from a range of threats.