garest/api-guard

A lightweight Laravel package for authenticating API clients without using user models

Package info

github.com/mrgarest/api-guard

pkg:composer/garest/api-guard

Statistics

Installs: 89

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

2.0.1 2026-03-07 09:09 UTC

This package is auto-updated.

Last update: 2026-03-07 09:10:17 UTC


README

ApiGuard is a lightweight package for Laravel designed for secure API client authentication that does not require the creation or use of user models.

Features

  • Client-based authentication (no users).
  • Scope-based authorization.
  • Caching for performance.
  • Logging failed authentication attempts.
  • Blocking clients after failed authentication attempts.

Installation

composer require garest/api-guard

Publish config:

php artisan vendor:publish --tag=api-guard-config

Publish migrations:

php artisan vendor:publish --tag=api-guard-migrations

Run migrations:

php artisan migrate

Generate an encryption key and automatically add it to the env file:

php artisan ag:key-generate

The generated key is important because it will be used to encrypt data in the database. If you change it, the old keys may not work!

Usage

Currently, ApiGuard supports two authentication methods for your API:

Error Rendering

If you want to display custom errors instead of standard ones, you can do so by intercepting the ApiGuardException exception in bootstrap/app.php.

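use Garest\ApiGuard\Exceptions\ApiGuardException;
use Illuminate\Foundation\Configuration\Exceptions;

// Part of the Application::configure(...) chain in bootstrap/app.php
->withExceptions(function (Exceptions $exceptions) {
    // Render every ApiGuardException as a JSON error response
    $exceptions->render(function (ApiGuardException $e) {
        return response()->json([
            'status' => $e->status(),
            'code' => $e->code(),
            'message' => $e->getMessage(),
        ], $e->status());
    });
})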

Failed Authentication Listener

You can hook into failed API authentication attempts via a Laravel event listener:

use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Log;
use Garest\ApiGuard\Events\AuthFailed;

Event::listen(AuthFailed::class, function ($event) {
    // Access failed request and exception
    $request = $event->request;
    $exception = $event->exception;

    // Example: log failure
    Log::warning('Authentication failed', [
        'ip' => $request->ip(),
        'path' => $request->path(),
        'method' => $request->method(),
        'message' => $exception->getMessage(),
    ]);
});

This allows you to track, log, or notify whenever a client fails authentication.
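
One way to turn that listener into a detection signal, shown as an added example that is not part of the package's README: count failures per source IP with Laravel's RateLimiter and escalate the log level once a threshold is crossed. Only `AuthFailed`, `$event->request` and `$event->exception` come from the README; the threshold, window, cache key prefix and log messages are assumptions.

```php
<?php

namespace App\Providers;

use Garest\ApiGuard\Events\AuthFailed;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    // Assumed values for illustration; tune them to your traffic.
    private const THRESHOLD = 10;        // failures per source IP
    private const WINDOW_SECONDS = 300;  // counting window

    public function boot(): void
    {
        Event::listen(AuthFailed::class, function (AuthFailed $event) {
            $request = $event->request;
            $ip = $request->ip() ?? 'unknown';

            // Hash the IP so the cache key has a fixed format.
            $key = 'api-guard:auth-failed:' . sha1($ip);

            // hit() increments the counter and returns the new total; the
            // counter expires WINDOW_SECONDS after the first failure.
            $failures = RateLimiter::hit($key, self::WINDOW_SECONDS);

            $context = [
                'ip' => $ip,
                'path' => $request->path(),
                'method' => $request->method(),
                'failures_in_window' => $failures,
                'message' => $event->exception->getMessage(),
            ];

            if ($failures === self::THRESHOLD) {
                // Escalate once per window so alerting is not flooded.
                Log::alert('Repeated API authentication failures from one source', $context);
                return;
            }

            Log::warning('API authentication failed', $context);
        });
    }
}
```

Behind a load balancer, configure Laravel's trusted proxies so that `$request->ip()` reports the client address rather than the proxy's.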