I have a Laravel API that is currently hosted on a GoDaddy server. GoDaddy needed to migrate this application to a smaller server, and once they did, I am able to authenticate with the API with no errors; however, when I send a subsequent request with the API token, Laravel throws an AuthenticationException and I get a 401 error response.
Authentication Request
POST https://example.com/api/v1/authenticate
BODY {"api_token":"lKqsFGhhMfKFtly9Y2HJOiDOr1Gnu2eERbQlsPXXjZwZb1RZ"}
Authentication Response
{
"meta": {
"status": 200,
"success": true,
"results": 0,
"endpoint": "https://example.com/api/v1/authenticate"
},
"data": {
"player": {
"id": 667,
"username": "myusername",
"email": "[email protected]",
"is_logged_id": 1,
"api_token": "lKqsFGhhMfKFtly9Y2HJOiDOr1Gnu2eERbQlsPXXjZwZb1RZ"
}
}
}
Authenticated API Request
curl --location 'https://example.com/api/v1/categories' \
--header 'Accept: application/json' \
--header 'Authorization: Bearer lKqsFGhhMfKtr9f0zB4szYiFtly9Y2HJOiDOr1Gnu2eERbQlsPXXjZwZb1RZ' \
--header 'Cookie: XSRF-TOKEN=eyJpdiI6ImQwVk5TdkYwUTFtU25qb3RLYmR3dXc9PSIsInZhbHVlIjoiMi9tUWdWUDFjK0ozQVlNMzBQTVdJUmdaT2pjOCt3akMzZ0t5Z1huUlB0ekI1Q0drYlY0WEpvWkk3MlJWcVVrTVZ0SXdwRW14NnpCb2RMTDZMV1ZGa3crMmdJbXhZeU1GUGcrN1JBMytzQitEWWlkNzNqVWVUMTVoSkw0Z1BSOGsiLCJtYWMiOiIzN2ZkNWEzMjQxNmI3MTBiNjRhN2EzOGFhZTEzN2FkOTY0OTY0NTQ3NmE4YjU1NWQ0NDE4NjAzYTg3MzYzN2E1IiwidGFnIjoiIn0%3D'
Authenticated API Response with Headers
Symfony\Component\HttpFoundation\HeaderBag {#39 // app/Exceptions/Handler.php:15
#headers: array:8 [
"accept" => array:1 [
0 => "application/json"
]
"user-agent" => array:1 [
0 => "PostmanRuntime/7.37.0"
]
"cache-control" => array:1 [
0 => "no-cache"
]
"postman-token" => array:1 [
0 => "66cf99ea-91d9-4855-8ab7-901d0c75ad90"
]
"host" => array:1 [
0 => "example.com"
]
"accept-encoding" => array:1 [
0 => "gzip, deflate, br"
]
"connection" => array:1 [
0 => "keep-alive"
]
"x-https" => array:1 [
0 => "1"
]
]
#cacheControl: array:1 [
"no-cache" => true
]
}
{
"error": "Unauthenticated."
}
I can't reproduce this error using a local version of the same API, so it seems server-dependent. I have even downloaded the API from the site and run it using php artisan serve and haven't had the same issues. I have run composer install and have had no errors when running it. Could there be some server-side configuration that I am missing?
config/session.phpandconfig/cors.php). By the way, I was able to reproduce your error via Postman.dump($request)in the exception handler and see if it has the values you expect. You should also not post personal data in questions....htaccesslooks like bad news; you should have the web root of the server pointed at thepublicdirectory and NOT the application directory.publicdirectoryfile. the CORS config is:<?php return [ 'paths' => ['api/*', 'sanctum/csrf-cookie'], 'allowed_methods' => ['*'], 'allowed_origins' => ['*'], 'allowed_origins_patterns' => [], 'allowed_headers' => ['*'], 'exposed_headers' => [], 'max_age' => 0, 'supports_credentials' => false, ];Oddly enough, that is the same in the local version. I am able to reproduce this error against the production version in Postman; I am unable to reproduce this error running the API locally.