Add API Keys to Your Laravel Models with Laravel Keyable


May 17th, 2019

Add API Keys to Your Laravel Models with Laravel Keyable

Laravel Keyable is a package by Liran Cohen that enables you to add API keys to any model and associate incoming requests with their respective model. You can also use Policies to authorize requests.

This package works by adding a Keyable trait to a given model (i.e., Company model) that creates a polymorphic association between a model and an API key:

use Illuminate\Database\Eloquent\Model;
use Givebutter\LaravelKeyable\Keyable;
class Account extends Model
use Keyable;
// ...

Using a middleware that the package provides, a token will be validated via a configurable strategy comprised of a bearer token, a custom header (i.e., X-Authorization), or a query param.

After validation, you configure a policy and check for authorization in the controller like this, for example:

namespace App\Http\Controllers\PostController;
use App\Models\Post;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use Givebutter\LaravelKeyable\Auth\AuthorizesKeyableRequests;
class PostController extends Controller {
use AuthorizesKeyableRequests;
public function show(Post $post) {
$this->authorizeKeyable('view', $post);
// ...

In the controller, you can further scope your queries based on the “keyable” model that is added to the request object:

$model = $request->keyable;
// Example of scoping the API resource

Last, you can use a provided artisan command to create an API key for a given model:

php artisan api-key:generate --id=1 --type="App\Models\Account"

You can learn more about this package, get full installation instructions, and view the source code on GitHub at givebutter/laravel-keyable.

Filed in:

Paul Redmond

Full stack web developer. Author of Lumen Programming Guide and Docker for PHP Developers.