This content originally appeared on DEV Community and was authored by ahmadasroni38
This guide walks in full detail through building backend authentication (login, register, logout, and API protection) in Laravel 9 using Sanctum and a MySQL database. It is suitable for beginners and intermediate developers.

Table of Contents
- Environment Setup
- Install Laravel 9
- Configure the MySQL Database
- Install Laravel Sanctum
- Publish and Migrate Sanctum
- Configure Sanctum Auth
- Create the Authentication Endpoints (Register, Login, Logout, Me)
- Protect API Routes with Sanctum
- Test the API with Postman
- Tips and Best Practices
- Closing

1. Environment Setup
- Composer: download and install it
- PHP: version 8.0 or later
- MySQL: make sure it is installed and running
- Postman or another API client (for testing)
- Terminal/Command Prompt

2. Install Laravel 9
Run the following commands in a terminal:

    composer create-project laravel/laravel:^9.0 laravel-sanctum-auth
    cd laravel-sanctum-auth

3. Configure the MySQL Database
Edit the .env file and adjust the following settings:

    DB_CONNECTION=mysql
    DB_HOST=127.0.0.1
    DB_PORT=3306
    DB_DATABASE=nama_database
    DB_USERNAME=root
    DB_PASSWORD=passwordmysql

Create a database in MySQL whose name matches DB_DATABASE (for example: laravel_sanctum).

4. Install Laravel Sanctum
Run the following command:

    composer require laravel/sanctum

5. Publish and Migrate Sanctum
Publish the Sanctum config:

    php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"

Then run the migrations:

    php artisan migrate

6. Configure Sanctum Auth
a. Add the Sanctum middleware to the api group in app/Http/Kernel.php:

    // app/Http/Kernel.php
    protected $middlewareGroups = [
        // ...
        'api' => [
            \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
            'throttle:api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];

b. Set the API driver in .env:

    SANCTUM_STATEFUL_DOMAINS=localhost
    SESSION_DRIVER=cookie

These settings only matter for cookie-based (SPA) authentication. For a mobile app or a pure token API, it is enough to use the auth:sanctum middleware on the routes.

7. Create the Authentication Endpoints (Register, Login, Logout, Me)
a. Create the controller

    php artisan make:controller AuthController

b. Implement the controller

    <?php
    // app/Http/Controllers/AuthController.php

    namespace App\Http\Controllers;

    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Auth;
    use App\Models\User;
    use Illuminate\Support\Facades\Hash;

    class AuthController extends Controller
    {
        // REGISTER
        public function register(Request $request)
        {
            $request->validate([
                'name' => 'required|string|max:255',
                'email' => 'required|string|email|unique:users',
                'password' => 'required|string|min:6',
            ]);

            // Store only the password hash, never the plain-text password.
            $user = User::create([
                'name' => $request->name,
                'email' => $request->email,
                'password' => Hash::make($request->password),
            ]);

            return response()->json([
                'message' => 'User registered successfully!',
                'user' => $user
            ], 201);
        }

        // LOGIN
        public function login(Request $request)
        {
            $request->validate([
                'email' => 'required|email',
                'password' => 'required',
            ]);

            $user = User::where('email', $request->email)->first();

            // Same generic error for an unknown email and a wrong password,
            // so the response does not reveal which accounts exist.
            if (! $user || ! Hash::check($request->password, $user->password)) {
                return response()->json(['message' => 'Invalid credentials'], 401);
            }

            // The plain-text token is only available here; Sanctum stores a hash of it.
            $token = $user->createToken('auth_token')->plainTextToken;

            return response()->json([
                'message' => 'Login success!',
                'access_token' => $token,
                'token_type' => 'Bearer',
                'user' => $user,
            ]);
        }

        // LOGOUT
        public function logout(Request $request)
        {
            // Revoke only the token that was used for this request.
            $request->user()->currentAccessToken()->delete();

            return response()->json([
                'message' => 'Logged out successfully'
            ]);
        }

        // ME - Get current user
        public function me(Request $request)
        {
            return response()->json($request->user());
        }
    }

c. Add the API routes

    // routes/api.php
    use App\Http\Controllers\AuthController;
    use Illuminate\Support\Facades\Route;

    // Public endpoints
    Route::post('/register', [AuthController::class, 'register']);
    Route::post('/login', [AuthController::class, 'login']);

    // Endpoints that require a valid Sanctum token
    Route::middleware('auth:sanctum')->group(function () {
        Route::post('/logout', [AuthController::class, 'logout']);
        Route::get('/me', [AuthController::class, 'me']);
    });

8. Protect API Routes with Sanctum
Example of adding a route that can only be accessed by a logged-in user:

    // Needs "use Illuminate\Http\Request;" (present in the default routes/api.php)
    Route::middleware('auth:sanctum')->get('/profile', function (Request $request) {
        return response()->json($request->user());
    });

The same works for other resource routes:

    // PostController stands for one of your own controllers and must be imported
    Route::middleware('auth:sanctum')->group(function () {
        Route::get('/posts', [PostController::class, 'index']);
        // and so on...
    });

9. Test the API with Postman
a. Register
- POST http://localhost:8000/api/register
- Body (JSON):

    { "name": "Roni", "email": "roni@example.com", "password": "password123" }

b. Login
- POST http://localhost:8000/api/login
- Body (JSON):

    { "email": "roni@example.com", "password": "password123" }

Response: you receive the access_token.

c. Access the /me endpoint
- GET http://localhost:8000/api/me
- Header: Authorization: Bearer <access_token>

Response: the data of the currently logged-in user.

d. Logout
- POST http://localhost:8000/api/logout
- Header: Authorization: Bearer <access_token>
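
The same four Postman steps as an automated Laravel feature test, with two extra negative checks (wrong password, missing header). This is an added example, not part of the original tutorial: the file name, class name and sample credentials are assumptions, and it expects the routes and controller from section 7 plus a database configured for the test environment.

```php
<?php
// tests/Feature/AuthFlowTest.php (hypothetical file and class name; added example)

namespace Tests\Feature;

use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class AuthFlowTest extends TestCase
{
    use RefreshDatabase; // assumes a database is configured for the test environment

    public function test_token_lifecycle(): void
    {
        // Constructed sample credentials, same shape as the Postman bodies.
        $creds = ['email' => 'roni@example.com', 'password' => 'password123'];

        // a. Register: 201, and the password hash must not appear in the response.
        $user = $this->postJson('/api/register', ['name' => 'Roni'] + $creds)
            ->assertStatus(201)
            ->json('user');
        $this->assertArrayNotHasKey('password', $user);

        // A wrong password must get 401 and must not create a token.
        $this->postJson('/api/login', ['password' => 'wrong'] + $creds)
            ->assertStatus(401);
        $this->assertDatabaseCount('personal_access_tokens', 0);

        // b. Login: returns the plain-text bearer token and stores one token row.
        $token = $this->postJson('/api/login', $creds)
            ->assertOk()
            ->json('access_token');
        $this->assertDatabaseCount('personal_access_tokens', 1);

        // Without the Authorization header the protected route answers 401.
        $this->getJson('/api/me')->assertUnauthorized();

        // c. With the bearer token, /me returns the logged-in user.
        $this->withToken($token)->getJson('/api/me')
            ->assertOk()
            ->assertJsonPath('email', $creds['email']);

        // d. Logout deletes the token row, so that token can no longer be used.
        // The table is checked instead of re-calling /me because the auth guard
        // can keep the resolved user between requests inside a single test.
        $this->withToken($token)->postJson('/api/logout')->assertOk();
        $this->assertDatabaseCount('personal_access_tokens', 0);
    }
}
```

Run it with php artisan test --filter=AuthFlowTest.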

10. Tips and Best Practices
- Use HTTPS on the production server.
- Validate all user input.
- For multi-device login, remember to revoke tokens when needed:

    $request->user()->tokens()->delete(); // log out from all devices

- For mobile apps, keep the token in secure storage.

11. Closing
Your Laravel 9 backend now supports secure API authentication using Sanctum and MySQL.
You can add features such as email verification, password reset, or role management as needed.
Good luck! 🚀

ahmadasroni38 | Sciencx (2025-06-28T18:39:48+00:00) Tutorial Lengkap: Membuat Laravel Backend Auth Menggunakan Sanctum (Laravel 9 & MySQL). Retrieved from https://www.scien.cx/2025/06/28/tutorial-lengkap-membuat-laravel-backend-auth-menggunakan-sanctum-laravel-9-mysql/