boone-studios / laravel-api-keys
Prefixed, hashed API keys with scope-to-permission mapping for multi-tenant Laravel APIs.
v0.1.1
2026-07-11 21:57 UTC
Requires
- php: ^8.2
- boone-studios/laravel-scoped-roles: ^0.1
- illuminate/database: ^12.0|^13.0
- illuminate/http: ^12.0|^13.0
- illuminate/support: ^12.0|^13.0
Requires (Dev)
- orchestra/testbench: ^10.0|^11.0
- pestphp/pest: ^3.0|^4.0
- pestphp/pest-plugin-laravel: ^3.0|^4.0
This package is auto-updated.
Last update: 2026-07-11 21:59:20 UTC
README
Prefixed, hashed API keys with scope-to-permission mapping for multi-tenant Laravel APIs. Pairs naturally with boone-studios/laravel-scoped-roles via TokenPermissionResolver.
Features
- Brand-prefixed secrets (
app_live_…) with masked display prefixes - Hashed storage with prefix lookup +
Hash::check - Revocation and expiration support
- Scope → permission bridge for unified API + dashboard authorization
- Configurable tenant guard hook (e.g. block deleted organizations)
Requirements
- PHP 8.2+
- Laravel 12 or 13
boone-studios/laravel-scoped-roles(for token permission integration)
Installation
composer require boone-studios/laravel-scoped-roles boone-studios/laravel-api-keys
php artisan vendor:publish --tag=api-keys-config php artisan vendor:publish --tag=api-keys-migrations php artisan migrate
Quick start
- Implement
ResolvesScopePermissionson your scope enum (mapsread/write/admin→ permission strings). - Implement
ResolvesEnvironmentFromTokenPrefixif you support multiple environments. - Optionally implement
GuardsAuthenticatedTenantfor tenant availability checks. - Extend
BooneStudios\ApiKeys\Models\ApiKeyand add your tenant relation. - Register middleware:
auth.api_key.
License
MIT © Boone Studios, LLC