
Create a REST API for ToDo App with Authentication Using Lumen

Updated on April 27, 2017


In the first installment of the series on creating a ToDo App with Laravel 5.4, I added an API_KEY column in the user table and commented that I might use it in the future. I will use it in this second installment of the series.

In this article, I am going to use the same tables that I created in the ToDo App. I will connect it with Lumen and create a REST API. This API will feature:

  • An API Key will be generated and sent to the user, once a login request is sent to the API.
  • In order to perform CRUD operations, the user needs to add this API key in the authorization header. If the API key is not valid, the request will not proceed.


The complete code for this tutorial can be found in the GitHub repo.

Create a New Lumen Project

I will start with creating a new Lumen project for the ToDo REST API. For this, run the following command:

Wait for Composer to create the Lumen project. Now edit the .env file and update it with the database information. I am going to use the same tables that I created in the first part of the ToDo app.

Now, I need to set up Lumen to use Facades and Eloquent. For this, head to the bootstrap folder and open the app.php file. In the file, uncomment the following lines:

Create the User Model

Now head to the app folder and create a new file. Name it Users.php and paste the following code in it.

In the Users model, I defined its relationship with the Todo table, along with the foreign id.


Create a ToDo Model

Now, in the same folder, create a new file and name it Todo.php. Now paste the following code in it.


Create the User Controller

Now go to app/Http/Controllers and create a new file with the name UsersController.php. Paste the following code in it:

In this controller, I created an authenticate method which checks whether the user is valid. If the user is valid, it returns an API key. If not, it returns a fail response with the response code 401.

Update the Auth Service Provider

Now, head to app/Providers and open the AuthServiceProvider.php file. In this file, I will check the validity of the API key that the user sends in for performing ToDo operations.

In the file, at the top of the code, after namespace, add the following line:

Now go to the boot() method and replace the code in it with the following:

In this code, I check that the user has a valid API key and then append the verified userid to the request. If the API key is not verified, it will return Unauthorized. In order to customize this message, head to the app/Http/Middleware folder and open the Authenticate.php file. In this file, go to the handle() method and change the line inside the if with the following.
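The login step and the per-request API key check described in the two sections above, as an added example in plain PHP; it is not the tutorial's own Lumen code. The in-memory `$users` array, the function names, the `Bearer <key>` header layout and storing only a SHA-256 hash of the key are assumptions made for this example.

```php
<?php
// Added example: constructed stand-in for the users table.
// In the tutorial's app these rows live in the database behind the Users model.
$users = [
    1 => ['email'    => 'alice@example.test',
          'password' => password_hash('correct horse', PASSWORD_DEFAULT),
          'api_key'  => null],
];

// Login: verify the password, then issue a fresh random API key.
// Returns [httpStatus, body]. Only a SHA-256 hash of the key is stored
// (a hardening choice made here), so a leaked table does not leak usable keys.
function login(array &$users, string $email, string $password): array
{
    foreach ($users as $id => $user) {
        if ($user['email'] === $email
            && password_verify($password, $user['password'])) {
            $key = bin2hex(random_bytes(32));             // 256 bits from the CSPRNG
            $users[$id]['api_key'] = hash('sha256', $key);
            return [200, ['status' => 'success', 'api_key' => $key]];
        }
    }
    return [401, ['status' => 'fail']];
}

// Per-request check: resolve the Authorization header to a user id, or null.
function userIdFromHeader(array $users, ?string $header): ?int
{
    $parts = preg_split('/\s+/', trim((string) $header)) ?: [''];
    $key = end($parts);                                   // token after the scheme word
    if ($key === '') {
        return null;                                      // header missing or empty
    }
    $digest = hash('sha256', $key);
    foreach ($users as $id => $user) {
        // hash_equals compares in constant time
        if ($user['api_key'] !== null && hash_equals($user['api_key'], $digest)) {
            return $id;
        }
    }
    return null;                                          // caller answers 401 Unauthorized
}

[$status, $body] = login($users, 'alice@example.test', 'correct horse');
var_dump($status);                                                // successful login
var_dump(userIdFromHeader($users, 'Bearer ' . $body['api_key'])); // valid key
var_dump(userIdFromHeader($users, 'Bearer not-a-real-key'));      // unknown key
var_dump(userIdFromHeader($users, null));                         // no header sent
var_dump(login($users, 'alice@example.test', 'wrong')[0]);        // bad password
```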

The next action item is the creation of the routes.

Create the ToDo Controller

Now in the Controllers folder, create a new file and name it TodoController.php. Paste the following code in it:

In this code, I am simply performing CRUD operations once the user has a valid API key. The auth middleware tests whether the user has a valid API key. I have used different validation in two of the methods: in the store() method, which creates a new ToDo item, I am validating all the required fields. But in the edit() method, I am only testing whether a field is in the parameters and that it isn't empty.
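The two validation styles described above, together with a check that the item belongs to the authenticated userid, as an added example in plain PHP; it is not the tutorial's controller. The `$todos` array, the function names and the 404/422 status codes are assumptions; the field names are the ones used in the requests later in this tutorial.

```php
<?php
// Added example (constructed data): todos owned by two different users.
$todos = [
    7 => ['user_id' => 1, 'todo' => 'Buy milk', 'description' => '2 litres',  'category' => 'home'],
    8 => ['user_id' => 2, 'todo' => 'Pay rent', 'description' => 'by Friday', 'category' => 'bills'],
];
const FIELDS = ['todo', 'description', 'category'];

function isBlank($value): bool
{
    return !is_string($value) || trim($value) === '';
}

// store(): every field must be present and non-empty. Returns a list of errors.
function validateStore(array $input): array
{
    $errors = [];
    foreach (FIELDS as $f) {
        if (!array_key_exists($f, $input) || isBlank($input[$f])) {
            $errors[$f] = "The $f field is required.";
        }
    }
    return $errors;
}

// edit(): only fields that were sent are checked, and they may not be empty.
// Keys outside FIELDS (for example user_id) are dropped, never written.
function applyEdit(array &$todos, int $userId, int $id, array $input): array
{
    if (!isset($todos[$id]) || $todos[$id]['user_id'] !== $userId) {
        return [404, ['status' => 'fail']];    // missing, or another user's item
    }
    $changes = array_intersect_key($input, array_flip(FIELDS));
    foreach ($changes as $f => $value) {
        if (isBlank($value)) {
            return [422, ['status' => 'fail', $f => "The $f field may not be empty."]];
        }
    }
    $todos[$id] = array_merge($todos[$id], $changes);
    return [200, ['status' => 'success']];
}

var_dump(validateStore(['todo' => 'Call bank', 'description' => '']));   // two errors
var_dump(applyEdit($todos, 1, 7, ['category' => 'shop', 'user_id' => 2])[0]); // own item
var_dump($todos[7]['user_id']);                                          // owner unchanged
var_dump(applyEdit($todos, 1, 8, ['todo' => 'x'])[0]);                   // someone else's item
var_dump(applyEdit($todos, 1, 7, ['description' => ' '])[0]);            // empty field sent
```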

Create Routes For the Todo API

Now go to the routes folder and open the web.php file. Inside this file, add the following routes.

All the hard work is done. I will now test it!

Test the ToDo REST API

For testing the REST API, I will use Postman. Before getting started with the testing, run the following command inside the Lumen app folder to start a server.

Login using the API

Now, in Postman, try to log in with the email and password you used for the ToDo app.

Send a GET request to: http://localhost:8000/api/login/ along with the email and password parameters.

You will receive a Success message along with the API Key.

Get All the ToDo Items

I will now try to get all the ToDo items of a user, without adding an API key. For this, send a GET request to: http://localhost:8000/api/todo

You will get an error of Unauthorized. Now I will add the API key in the Authorization header, and then send the request again.

This time, you will get all the ToDo items of the user.

Create a New ToDo Item

I will now create a new ToDo item. For this, send a POST request to: http://localhost:8000/api/todo along with todo, description and category parameters. Remember to add the API key in the header or else you will get the error message.

If all fields are filled, you will get the Success message.

I will now test validation by trying to send a ToDo create request with an empty description field.

As expected, you will get an error.

Edit a ToDo

To edit a ToDo, send a PUT request to http://localhost:8000/api/todo/{id} along with the todo, description and category parameters you would like to edit.

Delete a ToDo Item

I will now delete a ToDo item. Send a DELETE request to http://localhost:8000/api/todo/{id}.

Now, when you try to get all ToDo items, you will see that the particular item has been deleted.

Final Words

This is the end of this tutorial series. The complete code can be found on GitHub. If you are unable to understand anything or would like to contribute to the discussion, do leave a comment below.


Ahmed Khan

Ahmed was a PHP community expert at Cloudways - A Managed PHP Hosting Cloud Platform. He is a software engineer with extensive knowledge in PHP and SEO. He loves watching Game of Thrones in his free time. Follow Ahmed on Twitter to stay updated with his works. You can email him at
