PHPackages                             paulisratnieks/api-key-auth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. paulisratnieks/api-key-auth

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

paulisratnieks/api-key-auth
===========================

API client authentication, authorization and management

v2.0.1(11mo ago)011.0k↓44.9%MITPHPPHP ^8.3CI passing

Since Jan 30Pushed 11mo ago1 watchersCompare

[ Source](https://github.com/paulisratnieks/api-key-auth)[ Packagist](https://packagist.org/packages/paulisratnieks/api-key-auth)[ RSS](/packages/paulisratnieks-api-key-auth/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (3)Dependencies (3)Versions (4)Used By (0)

Simple API client generation and authentication
===============================================

[](#simple-api-client-generation-and-authentication)

`api-key-auth` is a highly customizable Laravel package for API client management, authentication and authorization. The package contains a single middleware `ApiClientMiddleware` and a few artisan commands to manage the clients.

Installation
------------

[](#installation)

You can install the package via composer:

```
composer require paulisratnieks/api-key-auth
```

You should publish the config file `config/api-key-auth.php` and run the migrations to create the `api_clients` table:

```
php artisan vendor:publish --provider="PaulisRatnieks\ApiKeyAuth\ApiKeyAuthServiceProvider"
php artisan migrate
```

Usage
-----

[](#usage)

### Managing API clients

[](#managing-api-clients)

The package contains multiple artisan commands for API client management: `api-client:make`, `api-client:list`, `api-client:update`.

To create a new client:

```
php artisan api-client:make
```

The command will prompt for multiple attributes that are necessary for the `ApiClient` model. After creation, the command will output the API key in plain text, which should be saved and used to authenticate the API client. The API client has to send an HTTP authorization header with the generated API key `Authorization: ApiKey {api-key}`.

All the API clients can be viewed with the `api-client:list` command, and they can be managed with the `api-client:update` command which supports the following actions: `regenerate`, `revoke`, `undo-revoke`.

### Adding the middleware

[](#adding-the-middleware)

In `config/app.php` (Laravel 11 and newer) you should add the middleware to the global middleware stack:

```
->withMiddleware(function (Middleware $middleware) {
     $middleware->append(\PaulisRatnieks\ApiKeyAuth\ApiClientMiddleware::class);
})
```

The middleware will validate each request against the HTTP header containing the API key.

Customization
-------------

[](#customization)

These are the contents of the published config file `config/api-key-auth.php`:

```
return [
    // This is the model used by the ApiClientMiddleware.
    'model' => PaulisRatnieks\ApiKeyAuth\ApiClient::class,

    /*
     * These are all the validators used by the ApiClientMiddleware. You can add or remove any classes
     * that implement the PaulisRatnieks\ApiKeyAuth\Validators\Validator interface.
     */
    'validators' => [
        PaulisRatnieks\ApiKeyAuth\Validators\IpAddressValidator::class,
        PaulisRatnieks\ApiKeyAuth\Validators\RevokedValidator::class,
        PaulisRatnieks\ApiKeyAuth\Validators\ScopeValidator::class,
    ],

    // The name of the http header that will be used for authentication.
    'header' => 'Authorization',

    // The key that will hold the authorization header's api key.
    'header_key' => 'ApiKey',
];
```

It is possible to configure:

- which model is used by the middleware using the `model` config entry
- which validators the middleware uses by the `validators` entry
- the HTTP header format using `header` amd `header_key` entries. The HTTP header sent by the API clients should follow this format: `{header}: {header_key} {api-key}`.

###  Health Score

38

—

LowBetter than 85% of packages

Maintenance50

Moderate activity, may be stable

Popularity25

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity55

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~59 days

Total

3

Last Release

355d ago

Major Versions

v1.0.0 → v2.0.02025-05-28

### Community

Maintainers

![](https://www.gravatar.com/avatar/549fd90993dc4ed12d6d0356c2299ea959c214920be3c1f9fef99788c5d061f4?d=identicon)[paulisratnieks](/maintainers/paulisratnieks)

---

Top Contributors

[![paulisratnieks](https://avatars.githubusercontent.com/u/54741191?v=4)](https://github.com/paulisratnieks "paulisratnieks (4 commits)")

---

Tags

phplaravelAuthenticationauthorizationapi client

###  Code Quality

TestsPest

Code StylePHP CS Fixer

### Embed Badge

![Health badge](/badges/paulisratnieks-api-key-auth/health.svg)

```
[![Health](https://phpackages.com/badges/paulisratnieks-api-key-auth/health.svg)](https://phpackages.com/packages/paulisratnieks-api-key-auth)
```

###  Alternatives

[pktharindu/nova-permissions

Laravel Nova Grouped Permissions (ACL)

136387.1k](/packages/pktharindu-nova-permissions)[shanmuga/laravel-entrust

This package provides a flexible solution to add ACL to Laravel

68312.9k2](/packages/shanmuga-laravel-entrust)[hasinhayder/tyro

Tyro - The ultimate Authentication, Authorization, and Role &amp; Privilege Management solution for Laravel 12 &amp; 13

6712.1k2](/packages/hasinhayder-tyro)[efficiently/authority-controller

AuthorityController is an PHP authorization library for Laravel 5 which restricts what resources a given user is allowed to access.

15533.2k](/packages/efficiently-authority-controller)[sametsahindogan/laravel-jwtredis

This package allows JWT-authenticated users to be stored and management in Redis with their roles, permissions, statuses and anything you want.

1221.9k](/packages/sametsahindogan-laravel-jwtredis)[hosseinhezami/laravel-permission-manager

Advanced permission manager for Laravel.

403.3k](/packages/hosseinhezami-laravel-permission-manager)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)