TASKS 18: API Development - RadLeoOFC/laravel-admin-panel GitHub Wiki

API Development Report

Objective

The objective of this task is to expose certain functionalities, such as listing desks and memberships, via an API for external or frontend integration. The API should be secured using token-based authentication and properly documented.


1. API Routes

The API routes are defined in routes/api.php. These routes allow for reading and writing data related to desks and memberships. The routes are prefixed with v1/ to support future versioning.

Implemented Routes:

Route::prefix('v1')->group(function () {
    Route::get('/desks', [DeskController::class, 'index']);
    Route::post('/desks', [DeskController::class, 'store']);
    Route::get('/desks/{desk}', [DeskController::class, 'show']);
    Route::put('/desks/{desk}', [DeskController::class, 'update']);
    Route::delete('/desks/{desk}', [DeskController::class, 'destroy']);

    Route::get('/memberships', [MembershipController::class, 'index']);
    Route::post('/memberships', [MembershipController::class, 'store']);
    Route::get('/memberships/{membership}', [MembershipController::class, 'show']);
    Route::put('/memberships/{membership}', [MembershipController::class, 'update']);
    Route::delete('/memberships/{membership}', [MembershipController::class, 'destroy']);

    Route::post('/login', [AuthController::class, 'login']);
    Route::post('/logout', [AuthController::class, 'logout'])->middleware('auth:sanctum');
});

Screenshot: Laravel Route List



2. API Controllers

API controllers handle the logic for interacting with desks and memberships. Separate controllers were created using Laravel Artisan:

php artisan make:controller Api/DeskController
php artisan make:controller Api/MembershipController
php artisan make:controller Api/AuthController

Screenshot: Creation of API controllers

Screenshot: Api/DeskController.php in code editor

Screenshot: Api/MembershipController.php in code editor

Screenshot: Api/AuthController.php in code editor

Example: DeskController Implementation

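public function update(Request $request, Desk $desk)
{
    // Validate first and keep only the fields that passed validation.
    $validated = $request->validate([
        'name' => 'string|max:255',
        'location' => 'string|max:255',
        'status' => 'in:available,occupied,maintenance',
    ]);

    // Update with the validated subset, not $request->all(), so that
    // unvalidated fields in the payload are never mass-assigned.
    $desk->update($validated);

    return response()->json(['message' => 'Desk updated successfully', 'desk' => $desk], 200);
}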

Screenshot: Updating a Desk



3. API Authentication

To protect the API endpoints, Laravel Sanctum was implemented for token-based authentication. Only authenticated users can modify resources.

Steps:

  1. Install Sanctum
    composer require laravel/sanctum
    php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
    php artisan migrate

Screenshot: Sanctum installation

  2. Configure Sanctum Middleware in app/Http/Kernel.php
    protected $middlewareGroups = [
        'api' => [
            \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
            'throttle:api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];

Screenshot: Kernel file with API

  3. Protect Routes
    Route::middleware('auth:sanctum')->group(function () {
        Route::put('/desks/{desk}', [DeskController::class, 'update']);
        Route::delete('/desks/{desk}', [DeskController::class, 'destroy']);
    });

The snippet in step 3 covers only the desk update and delete routes. The POST routes and the membership write routes need the same auth:sanctum group, because the route listing in section 1 attaches the middleware only to /logout.

Screenshot: Unauthorized API Request (401 Error)


Screenshot: Logging In and Retrieving Token
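
An added example, not the project's own AuthController (which this page shows only as a screenshot): one way the /login and /logout routes from the route list can issue and revoke Sanctum tokens. It assumes the default App\Models\User with the Laravel\Sanctum\HasApiTokens trait, email and password fields, and a hypothetical token name api-token.

```php
<?php

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;

class AuthController extends Controller
{
    // POST /api/v1/login: exchange credentials for a Sanctum personal access token.
    public function login(Request $request)
    {
        $credentials = $request->validate([
            'email' => 'required|email',
            'password' => 'required|string',
        ]);

        $user = User::where('email', $credentials['email'])->first();

        // Same response body and status for an unknown e-mail and a wrong
        // password, so the endpoint does not reveal which accounts exist.
        if (! $user || ! Hash::check($credentials['password'], $user->password)) {
            return response()->json(['message' => 'Invalid credentials'], 401);
        }

        // Assumption: App\Models\User uses the HasApiTokens trait.
        // The plain-text token is only available at creation time;
        // Sanctum stores a SHA-256 hash of it in personal_access_tokens.
        $token = $user->createToken('api-token')->plainTextToken;

        return response()->json(['token' => $token, 'token_type' => 'Bearer'], 200);
    }

    // POST /api/v1/logout (behind auth:sanctum): revoke only the token
    // that authenticated this request, leaving the user's other tokens valid.
    public function logout(Request $request)
    {
        $request->user()->currentAccessToken()->delete();

        return response()->json(['message' => 'Logged out'], 200);
    }
}
```

The client sends the returned token as an Authorization: Bearer header on every route inside the auth:sanctum group.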



4. Versioning & Documentation

To support API versioning, all routes are prefixed with v1/. This ensures future compatibility as new versions of the API can be introduced without breaking existing implementations.

API Documentation

A basic API documentation folder (docs/) has been created to store endpoint details. The documentation includes:

  • HTTP Method: GET, POST, PUT, DELETE
  • Endpoint: /api/v1/desks
  • Request Parameters: JSON payload examples
  • Response Examples

Additionally, Postman can be used for documenting and testing the API.

Screenshot: API Requests in Postman

Creation of desk API Request in Postman

Creating a desk in Postman causes the new desk to appear in the user interface

Creation of membership API Request in Postman

Creating a membership in Postman causes the new membership to appear in the user interface


Conclusion

The API has been successfully developed with the following key features:

  • RESTful API endpoints for desks and memberships.
  • Token-based authentication using Laravel Sanctum.
  • Proper validation for incoming requests.
  • Versioning support for future updates.
  • Basic API documentation for external developers.

Future improvements can include rate limiting, API logging, and detailed Swagger documentation.