PHPackages                             garest/api-guard - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. garest/api-guard

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

garest/api-guard
================

A lightweight Laravel package for authenticating API clients without using user models

2.0.2(1mo ago)0101MITPHPPHP ^8.1

Since Feb 1Pushed 2mo agoCompare

[ Source](https://github.com/mrgarest/api-guard)[ Packagist](https://packagist.org/packages/garest/api-guard)[ Docs](https://github.com/mrgarest/api-guard)[ RSS](/packages/garest-api-guard/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (5)Dependencies (2)Versions (7)Used By (0)

ApiGuard (API Authentication for Laravel)
=========================================

[](#apiguard-api-authentication-for-laravel)

ApiGuard is a lightweight package for Laravel designed for secure API client authentication that does not require the creation or use of user models.

Features
--------

[](#features)

- Client-based authentication (no users).
- Scope-based authorization.
- Caching for performance.
- Logging failed authentication attempts.
- Blocking clients after failed authentication attempts.

Installation
------------

[](#installation)

```
composer require garest/api-guard
```

Publish config:

```
php artisan vendor:publish --tag=api-guard-config
```

Publish migrations:

```
php artisan vendor:publish --tag=api-guard-migrations
```

Run migrations:

```
php artisan migrate
```

Generating an encryption key and automatically adding it to the env file:

```
php artisan ag:key-generate
```

The generated key is important because it will be used to encrypt data in the database. If you change it, the old keys may not work!

Usage
-----

[](#usage)

Currently, ApiGuard supports two authentication methods for your API:

- [JWT](https://github.com/mrgarest/api-guard/blob/main/docs/jwt.md)
- [HMAC](https://github.com/mrgarest/api-guard/blob/main/docs/hmac.md)

Error Rendering
---------------

[](#error-rendering)

If you want to display custom errors instead of standard ones, you can do so by intercepting the ApiGuardException exception in `bootstrap/app.php`.

```
use Garest\ApiGuard\Exceptions\ApiGuardException;

withExceptions(function (Exceptions $exceptions) {
    $exceptions->render(function (ApiGuardException $e) {
        return response()->json([
            'status' => $e->status(),
            'code' => $e->code(),
            'message' => $e->getMessage(),
        ], $e->status());
    });
})
```

Failed Authentication Listener
------------------------------

[](#failed-authentication-listener)

You can hook into failed API authentication attempts via a Laravel event listener:

```
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Log;
use Garest\ApiGuard\Events\AuthFailed;

Event::listen(AuthFailed::class, function ($event) {
    // Access failed request and exception
    $request = $event->request;
    $exception = $event->exception;

    // Example: log failure
    Log::warning('Authentication failed', [
        'ip' => $request->ip(),
        'path' => $request->path(),
        'method' => $request->method(),
        'message' => $exception->getMessage(),
    ]);
});
```

This allows you to track, log, or notify whenever a client fails authentication.

###  Health Score

40

—

FairBetter than 88% of packages

Maintenance87

Actively maintained with recent releases

Popularity12

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity47

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~10 days

Total

6

Last Release

54d ago

Major Versions

1.1.0 → 2.0.02026-03-02

### Community

Maintainers

![](https://www.gravatar.com/avatar/4828c20df7aa59ea7f47e7cb820ee7effe24be077f03d5167c99e32202bb17ee?d=identicon)[garest](/maintainers/garest)

---

Top Contributors

[![mrgarest](https://avatars.githubusercontent.com/u/181940227?v=4)](https://github.com/mrgarest "mrgarest (14 commits)")

---

Tags

apiauthhmacjwtlaravelphpapilaravelauthtokenhmacGarestMrGarest

### Embed Badge

![Health badge](/badges/garest-api-guard/health.svg)

```
[![Health](https://phpackages.com/badges/garest-api-guard/health.svg)](https://phpackages.com/packages/garest-api-guard)
```

###  Alternatives

[erjanmx/laravel-api-auth

Dead simple Laravel api authorization middleware

2024.5k](/packages/erjanmx-laravel-api-auth)[pallant/laravel-aws-cognito-auth

An authentication driver for Laravel for authenticating users in AWS Cognito User Pools

777.7k](/packages/pallant-laravel-aws-cognito-auth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)