PHPackages orebarranco/laravel-api-starter-kit - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [API Development](/categories/api) 4. / 5. orebarranco/laravel-api-starter-kit ActiveProject[API Development](/categories/api) orebarranco/laravel-api-starter-kit =================================== Production-ready API-only starter kit for Laravel 13 with Sanctum auth, JSON:API responses, DTOs, Actions, and 100% test coverage. v1.1.0(1mo ago)08↓100%MITPHPPHP ^8.4CI passing Since Apr 14Pushed 1mo agoCompare [ Source](https://github.com/orebarranco/laravel-api-starter-kit)[ Packagist](https://packagist.org/packages/orebarranco/laravel-api-starter-kit)[ RSS](/packages/orebarranco-laravel-api-starter-kit/feed)WikiDiscussions master Synced 1w ago READMEChangelog (2)Dependencies (17)Versions (3)Used By (0) Laravel API Starter Kit ======================= [](#laravel-api-starter-kit) A production-ready, API-only starter built with Laravel 13 and PHP 8.4. Designed for scalable backends, mobile apps, SPAs, SaaS platforms, and microservices. No frontend scaffolding. No Blade. Pure headless API. [![PHP Version](https://camo.githubusercontent.com/80c4564163cef31b2a66baaeb95a5bf4a418bcb5242a5ae707b94c2f4811e742/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e342532422d626c7565)](https://php.net)[![Laravel Version](https://camo.githubusercontent.com/93e2a73a6be4178312d2ac1dc894dab6632c2e920066fd0178100fe839695d02/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c61726176656c2d31332e782d726564)](https://laravel.com)[![License](https://camo.githubusercontent.com/5caa455d8debc46fb23abbadb45a733a937f3910a73fc875c2f7820468e1bb54/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c6963656e73652d4d49542d677265656e)](https://opensource.org/licenses/MIT) --- Core Philosophy --------------- [](#core-philosophy) - Thin controllers — business logic lives in **Actions** - Typed DTOs hydrated from Form Requests via `toDto()` - Strict typing throughout (`declare(strict_types=1)`, `final` classes) - JSON:API compliant responses - Versioned APIs from day one --- Features -------- [](#features) - Token authentication via Laravel Sanctum - Email verification with signed URLs - Password reset via email - Rate limiting (per IP and per user) - API versioning (URI-based) - Custom `readonly` DTOs (no external packages) - JSON:API resource objects via `JsonApiResource` - Centralized exception handling - Pest with 100% coverage enforced - Static analysis via Larastan - Automated refactoring with Rector - Code formatting via Laravel Pint --- Requirements ------------ [](#requirements) - PHP 8.4+ - Composer 2.x - MySQL / PostgreSQL / SQLite --- Quick Start ----------- [](#quick-start) **Via the Laravel installer (recommended):** ``` laravel new myapp --using=orebarranco/laravel-api-starter-kit ``` **Via Composer:** ``` composer create-project orebarranco/laravel-api-starter-kit myapp ``` **Via Git:** ``` git clone https://github.com/orebarranco/laravel-api-starter-kit.git myapp cd myapp composer setup ``` ``` composer test ``` --- Authentication -------------- [](#authentication) Protected routes require: ``` Authorization: Bearer {token} ``` EndpointMethodAuth`/api/v1/auth/register`POST—`/api/v1/auth/login`POST—`/api/v1/auth/logout`POSTBearer`/api/v1/auth/me`GETBearer`/api/v1/auth/forgot-password`POST—`/api/v1/auth/reset-password`POST—`/api/v1/auth/email/verify/{id}/{hash}`GETSigned URL`/api/v1/auth/email/resend`POSTBearer--- API Versioning -------------- [](#api-versioning) URI-based versioning. Each version is fully isolated: ``` app/Http/Controllers/Api/V1/ app/Http/Requests/Api/V1/ routes/api/v1.php ``` --- Response Format --------------- [](#response-format) All responses use `Content-Type: application/vnd.api+json`. **Success** ``` { "data": { "id": "01kn38s0cv0edq25et3vyrxd7s", "type": "users", "attributes": { "name": "Carlos Méndez", "email": "carlos@example.com" } }, "meta": { "request_id": "...", "version": "v1", "timestamp": "..." } } ``` **Error** ``` { "errors": [{ "status": "422", "code": "VALIDATION_ERROR", "title": "The given data was invalid.", "detail": "The email field is required.", "source": { "pointer": "/data/attributes/email" } }], "meta": { "request_id": "...", "version": "v1", "timestamp": "..." } } ``` --- Project Structure ----------------- [](#project-structure) ``` app/ ├── Actions/ # Single-purpose use cases ├── DTOs/ # Immutable readonly DTOs ├── Exceptions/ # Typed exceptions + centralized handler ├── Http/ │ ├── Controllers/Api/ # Versioned, single-action controllers │ ├── Middleware/ # ForceJsonResponse, EnsureEmailIsVerified │ ├── Requests/Api/ # Validation + toDto() │ └── Resources/Api/ # JSON:API resources ├── Models/ ├── Providers/ # AppServiceProvider (rate limiting, email verification, password reset) └── Traits/ # ApiResponse routes/ ├── api.php # Version grouping └── api/v1.php ``` --- Action Pattern -------------- [](#action-pattern) Controllers delegate to single-purpose Action classes: ``` // Controller public function __invoke(RegisterRequest $request, RegisterUserAction $action): JsonResponse { $result = $action->execute($request->toDto()); return $this->success(new UserResource($result['user']), Response::HTTP_CREATED, [ 'token' => $result['token'], ]); } // Action public function execute(RegisterUserDTO $data): array { $user = User::query()->create([...]); event(new Registered($user)); return ['user' => $user, 'token' => $user->createToken('auth_token')->plainTextToken]; } ``` --- Rate Limiting ------------- [](#rate-limiting) LimiterRoutesLimit`auth`register, login, forgot-password, reset-password, email verify5 req/min per IP`api`all authenticated endpoints120 req/min per user · 60 req/min per IP--- Email Verification ------------------ [](#email-verification) Sent automatically on registration via the `Registered` event. ``` GET /auth/email/verify/{id}/{hash} — no auth required (signed URL) POST /auth/email/resend — requires Bearer token ``` --- Password Reset -------------- [](#password-reset) ``` POST /auth/forgot-password — sends reset link to email (no auth required) POST /auth/reset-password — resets password and invalidates all tokens (no auth required) ``` The reset link points to `FRONTEND_URL/reset-password?token=...&email=...`. Configure `FRONTEND_URL` in your `.env`. --- Middleware ---------- [](#middleware) - `force.json` — enforces `Accept: application/vnd.api+json` - `api.version` — sets `X-API-Version` response header - `verified` — requires verified email → `EMAIL_NOT_VERIFIED` (403) --- Testing ------- [](#testing) ``` composer test # lint + static analysis + coverage composer test:unit # unit tests only ``` Powered by Pest 4 with 100% coverage enforced. Feature and unit tests for all controllers, actions, middleware, and exception handling. --- Code Quality ------------ [](#code-quality) ``` composer lint # Rector + Pint ``` - PHPStan level max via Larastan - Rector for automated refactoring - Laravel Pint for code style --- License ------- [](#license) MIT License ### Health Score 41 — FairBetter than 87% of packages Maintenance90 Actively maintained with recent releases Popularity6 Limited adoption so far Community6 Small or concentrated contributor base Maturity52 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~6 days Total 2 Last Release 50d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/8aac9d050c8efc7e546f2074ef64749489f139895ad00a7f5e7d45e0482c7b84?d=identicon)[orebarranco](/maintainers/orebarranco) --- Top Contributors [![orebarranco](https://avatars.githubusercontent.com/u/106551888?v=4)](https://github.com/orebarranco "orebarranco (28 commits)") --- Tags action-patternapibackendddddomain-driven-designjson-apilarave-sanctumlaravelpestphpphpphpstanrest-apiapilaravelsanctumREST APIJSON-APIstarter-kit ### Code Quality TestsPest Static AnalysisPHPStan, Rector Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/orebarranco-laravel-api-starter-kit/health.svg) ``` [![Health](https://phpackages.com/badges/orebarranco-laravel-api-starter-kit/health.svg)](https://phpackages.com/packages/orebarranco-laravel-api-starter-kit) ``` ### Alternatives [unopim/unopim UnoPim Laravel PIM 10.1k2.2k](/packages/unopim-unopim)[typicms/base A modular multilingual CMS built with Laravel, enabling developers to manage structured content like pages, news, events, and more. 1.6k20.4k](/packages/typicms-base)[rupadana/filament-api-service A simple api service for supporting filamentphp 208114.4k7](/packages/rupadana-filament-api-service) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)