Expose the authorization logic of your REST API using HATEOAS links on your Laravel API resources

2.0.0 2022-02-27 14:28 UTC

This package is auto-updated.

Last update: 2022-11-27 16:01:41 UTC



HATEOAS allows you to expose the authorization logic of your REST API. This package makes it easy to add HATEOAS links to your Laravel API resources.

Each resource has its HATEOAS links, and only the accessible links per resource are returned. If a link is not available on a resource, then the clients of your API can disable functionality linked to that HATEOAS link.

By default, an array of links in the following format is added to the JSON of a Laravel API resource:

    {
        "data": [
            {
                "id": 1,
                "text": "Hello world!",
                "_links": [
                    {
                        "rel": "self",
                        "type": "GET",
                        "href": "http://localhost/message/1"
                    },
                    {
                        "rel": "delete",
                        "type": "DELETE",
                        "href": "http://localhost/message/1"
                    }
                ]
            }
        ]
    }


You can install the package via composer:

    composer require gdebrauwer/laravel-hateoas


You can create a new HATEOAS class for a model using the following artisan command:

    php artisan make:hateoas MessageHateoas --model=Message

In the created class you can define public methods that will be used to generate the links. A method should either return a link or null.

    class MessageHateoas
    {
        use CreatesLinks;

        public function self(Message $message) : ?Link
        {
            // No link when the user may not view the message
            if (! auth()->user()->can('view', $message)) {
                return null;
            }

            return $this->link('', ['message' => $message]);
        }

        public function delete(Message $message) : ?Link
        {
            // Users who may not delete get the archive route instead
            if (! auth()->user()->can('delete', $message)) {
                return $this->link('message.archive', ['message' => $message]);
            }

            return $this->link('message.destroy', ['message' => $message]);
        }
    }

To add the links to an API resource, you have to add the HasLinks trait and use the $this->links() method. The HATEOAS class will be automatically discovered.

    class MessageResource extends JsonResource
    {
        use HasLinks;

        public function toArray($request) : array
        {
            return [
                'id' => $this->id,
                'text' => $this->text,
                // Links generated by the discovered HATEOAS class
                '_links' => $this->links(),
            ];
        }
    }
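
How a client can consume the default `_links` format shown earlier, as an added example that is not part of the package: a control is enabled only when the server advertised the rel, and the method and URL are taken from the link. `API_ORIGIN`, the helper names and the sample payload are assumptions constructed for illustration.

```javascript
// Added example: consume the default "_links" array on the client.
// API_ORIGIN, the helper names and the sample payload are assumptions.
const API_ORIGIN = 'http://localhost';

// Index a resource's links by rel, dropping anything malformed or
// pointing outside the API origin.
function indexLinks(resource, apiOrigin = API_ORIGIN) {
  const actions = new Map();
  const links = Array.isArray(resource?._links) ? resource._links : [];
  for (const link of links) {
    const { rel, type, href } = link ?? {};
    if (![rel, type, href].every((v) => typeof v === 'string')) continue;
    let url;
    try { url = new URL(href); } catch { continue; }
    if (url.origin !== apiOrigin) continue;
    // Method and URL come from the link: the server decides which route
    // a rel resolves to, so the client hard-codes neither.
    actions.set(rel, { method: type.toUpperCase(), url: url.href });
  }
  return actions;
}

// UI gate: enable a control only when the server advertised the rel.
function can(resource, rel) {
  return indexLinks(resource).has(rel);
}

// Request details for an advertised action, or null when it is absent.
function requestFor(resource, rel) {
  return indexLinks(resource).get(rel) ?? null;
}

// Constructed sample: 1 is deletable, 2 has no delete link,
// 3 carries a delete link that points at another origin.
const sample = { data: [
  { id: 1, text: 'Hello world!', _links: [
    { rel: 'self', type: 'GET', href: 'http://localhost/message/1' },
    { rel: 'delete', type: 'DELETE', href: 'http://localhost/message/1' } ] },
  { id: 2, text: 'Read only', _links: [
    { rel: 'self', type: 'GET', href: 'http://localhost/message/2' } ] },
  { id: 3, text: 'Odd link', _links: [
    { rel: 'self', type: 'GET', href: 'http://localhost/message/3' },
    { rel: 'delete', type: 'DELETE', href: 'http://other.example/message/3' } ] },
] };

for (const message of sample.data) {
  console.log(message.id, 'delete enabled:', can(message, 'delete'));
}
```

Hiding a control this way is a UI convenience only; the routes behind the links still have to enforce the same policies on the server.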



You can customize the JSON links formatting by providing a formatter class that implements the Formatter interface to the formatLinksUsing method. If the code to format the links is pretty small or you don't want to create a separate formatter class for it, you also have the option to provide a formatting callback function to the formatLinksUsing method.

    use GDebrauwer\Hateoas\Hateoas;
    use GDebrauwer\Hateoas\LinkCollection;

    // Provide your own Formatter class ...

    // ... Or provide a callback
    Hateoas::formatLinksUsing(function (LinkCollection $links) {
        // return array based on links
    });

HATEOAS class discovery

By default, the HATEOAS classes of models will be auto-discovered. Specifically, the HATEOAS classes must be in a Hateoas directory below the directory that contains the models. If you would like to provide your own HATEOAS class discovery logic, you can register a custom callback:

    use GDebrauwer\Hateoas\Hateoas;

    Hateoas::guessHateoasClassNameUsing(function (string $class) {
        // return a HATEOAS class name
    });


    composer test


    composer lint


Please see CHANGELOG for more information on what has changed recently.


Please see CONTRIBUTING for details.



The MIT License (MIT). Please see License File for more information.