PHPackages                             lparede/laravel-api-key - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. lparede/laravel-api-key

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

lparede/laravel-api-key
=======================

Authorize requests to your Laravel application with API keys

1.0.7(3y ago)01.1kMITPHPPHP &gt;=5.5.9

Since Nov 4Pushed 3y agoCompare

[ Source](https://github.com/lparede/laravel-api-key)[ Packagist](https://packagist.org/packages/lparede/laravel-api-key)[ RSS](/packages/lparede-laravel-api-key/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (3)DependenciesVersions (10)Used By (0)

Laravel API Key Auth
====================

[](#laravel-api-key-auth)

[![Total Downloads](https://camo.githubusercontent.com/b0c2d2c47d03632477496e5d38b7daf43fe2f6d7bd6b60bc94121e254abc5d05/68747470733a2f2f706f7365722e707567782e6f72672f6c7061726564652f6c61726176656c2d6170692d6b65792f642f746f74616c2e737667)](https://packagist.org/packages/lparede/laravel-api-key)[![Latest Stable Version](https://camo.githubusercontent.com/2d2b6038c51531d1c4e07f9322a7be4e9d17eea656c239af24f55d331860d795/68747470733a2f2f706f7365722e707567782e6f72672f6c7061726564652f6c61726176656c2d6170692d6b65792f762f737461626c652e737667)](https://packagist.org/packages/lparede/laravel-api-key)[![License](https://camo.githubusercontent.com/b26a5f31bbacef18af15077dd5ec152675f7a48412a53ca0afbc16145eb0706f/68747470733a2f2f706f7365722e707567782e6f72672f6c7061726564652f6c61726176656c2d6170692d6b65792f6c6963656e73652e737667)](https://packagist.org/packages/lparede/laravel-api-key)

About this Repository
---------------------

[](#about-this-repository)

This repository was forked from [ejarnutowski/laravel-api-key](https://github.com/ejarnutowski/laravel-api-key).

The `auth.apikey` middleware was renamed to `auth-api-key` and a new `auth-api-name` middleware was added.

Installation
------------

[](#installation)

Run `composer require lparede/laravel-api-key`.

In your `config/app.php` file, add the Laravel API Key service provider to the end of the `providers` array.

```
'providers' => [
    ...
    Lparede\LaravelApiKey\Providers\ApiKeyServiceProvider::class,
],
```

Publish the migration and config files

```
$ php artisan vendor:publish

```

Run the migrations

```
$ php artisan migrate

```

3 new database tables will be created:

- api\_keys
- api\_key\_access\_events
- api\_key\_admin\_events

Managing Keys
-------------

[](#managing-keys)

Generate a new key using `php artisan apikey:generate {name}`. The name argument is the name of your API key. All new keys are active by default.

```
$ php artisan apikey:generate app1

// API key created
// Name: app1
// Key: 0ZdNlr7LrQocaqz74k6usQsOsqhqSIaUarSTf8mxnHuQVh9CvKAfpUy94VvBmFMq
```

Deactivate a key using `php artisan apikey:deactivate {name}`.

```
$ php artisan apikey:deactivate app1

// Deactivated key: app1
```

Activate a key using `php artisan apikey:activate {name}`.

```
$ php artisan apikey:activate app1

// Activated key: app1
```

Delete a key. You'll be asked to confirm. Keys are [soft-deleted](https://laravel.com/docs/eloquent#soft-deleting) for record keeping.

```
$ php artisan apikey:delete app1

// Are you sure you want to delete API key 'app1'? (yes/no) [no]:
// > yes

// Deleted key: app1
```

List all keys. The -D or --deleted flag includes deleted keys

```
$ php artisan apikey:list -D

// +----------+----+-------------+---------------------+------------------------------------------------------------------+
// | Name     | ID | Status      | Status Date         | Key                                                              |
// +----------+----+-------------+---------------------+------------------------------------------------------------------+
// | app1     | 5  | deleted     | 2017-11-03 13:54:51 | 0ZdNlr7LrQocaqz74k6usQsOsqhqSIaUarSTf8mxnHuQVh9CvKAfpUy94VvBmFMq |
// | app2     | 1  | deleted     | 2017-11-02 22:34:28 | KuKMQbgZPv0PRC6GqCMlDQ7fgdamsVY75FrQvHfoIbw4gBaG5UX0wfk6dugKxrtW |
// | app3     | 3  | deactivated | 2017-11-02 23:12:34 | IrDlc7rSCvUzpZpW8jfhWaH235vJAqFwyzVWpoD0SLGzOimA6hcwqMvy4Nz6Hntn |
// | app4     | 2  | active      | 2017-11-02 22:48:13 | KZEl4Y2HMuL013xvg6Teaa7zHPJhGy1TDhr2zWzlQCqTxqTzyPTcOV6fIQZVTIU3 |
// +----------+----+-------------+---------------------+------------------------------------------------------------------+
```

Usage
-----

[](#usage)

### Implementing Authorization

[](#implementing-authorization)

A new `auth-api-key` and `auth-key-name` route middlewares has been registered for you to use in your routes or controllers. Below are examples on how to use middleware, but for detailed information, check out [Middleware](https://laravel.com/docs/middleware) in the Laravel Docs.

Route example

```
Route::get('api/user/1', function () {
    //
})->middleware('auth-api-key');
```

or

```
Route::get('api/user/1', function () {
    //
})->middleware('auth-api-name:app1');
```

Controller example

```
class UserController extends Controller
{
    /**
     * Instantiate a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth-api-key');
    }
}
```

or

```
class UserController extends Controller
{
    /**
     * Instantiate a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('auth-api-name:app1');
    }
}
```

### Authorizing Requests

[](#authorizing-requests)

In order to pass the `auth-api-key` middleware, requests must include an `X-Authorization` header as part of the request, with its value being an active API key.

```
X-Authorization: KuKMQbgZPv0PRC6GqCMlDQ7fgdamsVY75FrQvHfoIbw4gBaG5UX0wfk6dugKxrtW

```

Unauthorized Requests
---------------------

[](#unauthorized-requests)

Requests that do not pass authorization will receive an HTTP 401 Status Code with the following response

```
{
    "errors": [
        {
            "message": "Unauthorized"
        }
    ]
}
```

Event History
-------------

[](#event-history)

All API requests that pass authorization are logged in the `api_key_access_events` table. A record is created for each request with the following information:

- api\_key\_id
- ip\_address
- url
- created\_at
- updated\_at

Any time an API key is generated, activated, deactivated, or deleted, a record is logged in the `api_key_admin_events` table. Each record contains the following information:

- api\_key\_id
- ip\_address
- event
- created\_at
- updated\_at

License
-------

[](#license)

The Laravel API Key package is open-sourced software licensed under the [MIT license](http://opensource.org/licenses/MIT).

###  Health Score

30

—

LowBetter than 64% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity15

Limited adoption so far

Community10

Small or concentrated contributor base

Maturity64

Established project with proven stability

 Bus Factor1

Top contributor holds 53.8% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~267 days

Recently: every ~467 days

Total

8

Last Release

1239d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/b375430971b4e59042d18d8acb102aacbf47f5b2a8488f6852e27f2ac7f69e47?d=identicon)[lparede](/maintainers/lparede)

---

Top Contributors

[![lparede](https://avatars.githubusercontent.com/u/28596833?v=4)](https://github.com/lparede "lparede (7 commits)")[![ejarnutowski](https://avatars.githubusercontent.com/u/753408?v=4)](https://github.com/ejarnutowski "ejarnutowski (3 commits)")[![ipimpat](https://avatars.githubusercontent.com/u/450038?v=4)](https://github.com/ipimpat "ipimpat (2 commits)")[![Clayboy](https://avatars.githubusercontent.com/u/1386860?v=4)](https://github.com/Clayboy "Clayboy (1 commits)")

---

Tags

apilaravelAuthenticationauthorizationapi-key

### Embed Badge

![Health badge](/badges/lparede-laravel-api-key/health.svg)

```
[![Health](https://phpackages.com/badges/lparede-laravel-api-key/health.svg)](https://phpackages.com/packages/lparede-laravel-api-key)
```

###  Alternatives

[ejarnutowski/laravel-api-key

Authorize requests to your Laravel application with API keys

157441.1k1](/packages/ejarnutowski-laravel-api-key)[auth0/login

Auth0 Laravel SDK. Straight-forward and tested methods for implementing authentication, and accessing Auth0's Management API endpoints.

2745.0M3](/packages/auth0-login)[hasinhayder/tyro

Tyro - The ultimate Authentication, Authorization, and Role &amp; Privilege Management solution for Laravel 12 &amp; 13

6712.1k2](/packages/hasinhayder-tyro)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)