Build Production-ready APIs in Laravel with Tyro

Last updated on by

Build Production-ready APIs in Laravel with Tyro image

Tyro is an API package for building production-ready APIs in Laravel. It has a zero-config setup with authentication, authorization, privilege management, 40+ Artisan commands, and battle-tested security. You can use this package to quickly ship secure APIs in Laravel.

Using Tyro's built-in roles and privileges, you can protect routes using the roles, privilege, and privileges middleware:

use Illuminate\Support\Facades\Route;
 
// Require authentication
Route::middleware(['auth:sanctum'])
->get('/profile', ProfileController::class);
 
// Require specific role
Route::middleware(['auth:sanctum', 'role:admin'])
->get('/admin/dashboard', AdminDashboardController::class);
 
// Allow any of multiple roles
Route::middleware(['auth:sanctum', 'roles:admin,editor'])
->post('/articles', ArticleController::class);
 
// Require specific privilege
Route::middleware(['auth:sanctum', 'privilege:reports.run'])
->get('/reports', ReportController::class);
 
// Allow any of multiple privileges
Route::middleware(['auth:sanctum', 'privileges:billing.view,reports.run'])
->get('/analytics', AnalyticsController::class);

You can also protect API routes using a mix of roles and privileges, called abilities:

// Require ALL abilities (roles and/or privileges)
Route::middleware(['auth:sanctum', 'ability:admin,reports.run'])
->post('/reports/export', ReportExportController::class);
 
// Allow ANY ability
Route::middleware(['auth:sanctum', 'abilities:admin,super-admin,reports.run'])
->get('/reports/advanced', AdvancedReportController::class);

Here's an example of logging in and getting an API token out of the box after installing Tyro:

curl -X POST http://tyro-demo.test/api/login \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{"email":"admin@tyro.project","password":"tyro"}'
{
"error": 0,
"id": 1,
"name": "Tyro Admin",
"token": "1|mNYqXI9AfPZw1bppwc3WK1F8WSHNAOnAYqV8RR0Oaa1644f7"
}
 
# Use the token
curl http://tyro-demo.test/api/me \
-H "Authorization: Bearer 1|mNYqXI9AfPZw1bppwc3WK1F8WSHNAOnAYqV8RR0Oaa1644f7"
{
"id": 1,
"name": "Tyro Admin",
"email": "admin@tyro.project",
"email_verified_at": null,
"created_at": "2025-11-27T02:46:33.000000Z",
"updated_at": "2025-11-27T02:46:33.000000Z",
"suspended_at": null,
"suspension_reason": null
}

Main Features

  • Zero configuration: install and inherit login, registration, profile, role, privileges, and more.
  • Security Hardened: Sanctum tokens, suspension workflows, and middleware stack.
  • Roles and Privileges: Reusable privileges per-role via HTTP or CLI.
  • 40+ CLI Commands: Seed roles, privileges, rotate tokens, suspend users, and more.
  • Production Ready: Provides factories, seeders, tests, and an official Postman collection.
  • Fully Extensible: Publish config, migrations, factories, and override Tyro internals as needed.
  • Read the documentation for a complete list of features and customizations.

👨‍💻 The source code is available on GitHub: hasinhayder/tyro

Paul Redmond photo

Staff writer at Laravel News. Full stack web developer and author.

Cube

Laravel Newsletter

Join 40k+ other developers and never miss out on new tips, tutorials, and more.

image
Tinkerwell

Enjoy coding and debugging in an editor designed for fast feedback and quick iterations. It's like a shell for your application – but with multi-line editing, code completion, and more.

Visit Tinkerwell
Kirschbaum logo

Kirschbaum

Providing innovation and stability to ensure your web application succeeds.

Kirschbaum
PhpStorm logo

PhpStorm

The go-to PHP IDE with extensive out-of-the-box support for Laravel and its ecosystem.

PhpStorm
Harpoon: Next generation time tracking and invoicing logo

Harpoon: Next generation time tracking and invoicing

The next generation time-tracking and billing software that helps your agency plan and forecast a profitable future.

Harpoon: Next generation time tracking and invoicing
No Compromises logo

No Compromises

Joel and Aaron, the two seasoned devs from the No Compromises podcast, are now available to hire for your Laravel project. ⬧ Flat rate of $9500/mo. ⬧ No lengthy sales process. ⬧ No contracts. ⬧ 100% money back guarantee.

No Compromises
SaaSykit: Laravel SaaS Starter Kit logo

SaaSykit: Laravel SaaS Starter Kit

SaaSykit is a Multi-tenant Laravel SaaS Starter Kit that comes with all features required to run a modern SaaS. Payments, Beautiful Checkout, Admin Panel, User dashboard, Auth, Ready Components, Stats, Blog, Docs and more.

SaaSykit: Laravel SaaS Starter Kit
Laravel Cloud logo

Laravel Cloud

Easily create and manage your servers and deploy your Laravel applications in seconds.

Laravel Cloud
Tinkerwell logo

Tinkerwell

The must-have code runner for Laravel developers. Tinker with AI, autocompletion and instant feedback on local and production environments.

Tinkerwell
Shift logo

Shift

Running an old Laravel version? Instant, automated Laravel upgrades and code modernization to keep your applications fresh.

Shift
Acquaint Softtech logo

Acquaint Softtech

Acquaint Softtech offers AI-ready Laravel developers who onboard in 48 hours at $3000/Month with no lengthy sales process and a 100 percent money-back guarantee.

Acquaint Softtech
Lucky Media logo

Lucky Media

Get Lucky Now - the ideal choice for Laravel Development, with over a decade of experience!

Lucky Media

The latest

View all →
Laravel Quota: Usage Budgets for Calendar Periods image

Laravel Quota: Usage Budgets for Calendar Periods

Read article
Find the Security Vulnerabilities in Your Laravel App with Sensagraph image

Find the Security Vulnerabilities in Your Laravel App with Sensagraph

Read article
Uvora: A macOS Menu Bar App for Finding Laravel Projects image

Uvora: A macOS Menu Bar App for Finding Laravel Projects

Read article
Passwordless Sign-In with Fortify Two-Factor Support in Laravel image

Passwordless Sign-In with Fortify Two-Factor Support in Laravel

Read article
Intercept: Middleware Guardrails for Laravel AI Agents image

Intercept: Middleware Guardrails for Laravel AI Agents

Read article
AI Review for Laravel Upgrades image

AI Review for Laravel Upgrades

Read article