Forem: HishamM1 The latest articles on Forem by HishamM1 (@hishamm1). https://forem.com/hishamm1 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1131686%2Fcce99929-f69b-4dd8-9b14-66fd0e0c99ca.jpeg Forem: HishamM1 https://forem.com/hishamm1 en Building a Multi-Guard Reset Password API in Laravel 11 HishamM1 Mon, 18 Mar 2024 18:00:15 +0000 https://forem.com/hishamm1/building-a-multi-guard-reset-password-api-in-laravel-11-1khg https://forem.com/hishamm1/building-a-multi-guard-reset-password-api-in-laravel-11-1khg <p>Resetting passwords in a Laravel web app is pretty easy; it's well-documented in the <a href="https://laravel.com/docs/11.x/passwords" rel="noopener noreferrer">documentation</a>. However, there isn't much in the documentation for an API-based application. And what if I had multiple guards? What should I do? We will explore this in today's article.</p> <h2> Brief </h2> <p>Our goal is to create a reset password functionality for a Laravel API with multiple guards. In our example, we have two guards: 'users' and 'admins', and we will implement the reset password feature for both.</p> <h2> 1. Setup the Project </h2> <p>If you already have a project, skip to step 4</p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="w"> </span><span class="n">composer</span><span class="w"> </span><span class="nx">create-project</span><span class="w"> </span><span class="nx">laravel/laravel</span><span class="w"> </span><span class="nx">multi-guard-reset-password</span><span class="w"> </span></code></pre> </div> <h2> 2. Enable API Routing </h2> <p>This command will install Laravel Sanctum and publish the API routes.</p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="w"> </span><span class="n">php</span><span class="w"> </span><span class="nx">artisan</span><span class="w"> </span><span class="nx">install:api</span><span class="w"> </span></code></pre> </div> <h2> 3. Setup the Models </h2> <p>After installing the API, you'll be prompted to add <code>HasApiTokens</code> to our User model. Let's do that first:</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="cp">&lt;?php</span> <span class="kn">namespace</span> <span class="nn">App\Models</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Laravel\Sanctum\HasApiTokens</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Notifications\Notifiable</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Database\Eloquent\Factories\HasFactory</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Foundation\Auth\User</span> <span class="k">as</span> <span class="nc">Authenticatable</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">User</span> <span class="kd">extends</span> <span class="nc">Authenticatable</span> <span class="p">{</span> <span class="kn">use</span> <span class="nc">HasFactory</span><span class="p">,</span> <span class="nc">Notifiable</span><span class="p">,</span> <span class="nc">HasApiTokens</span><span class="p">;</span> <span class="c1">// Rest of code</span> <span class="p">}</span> </code></pre> </div> <p>Next, we'll create the Admin model and migrations, which will be the same as the User.</p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="w"> </span><span class="n">php</span><span class="w"> </span><span class="nx">artisan</span><span class="w"> </span><span class="nx">make:model</span><span class="w"> </span><span class="nx">Admin</span><span class="w"> </span><span class="nt">-m</span><span class="w"> </span></code></pre> </div> <p>This command will create the model and a migration file for the admins' table.</p> <h3> Admin migrations </h3> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="c1">// Previous code</span> <span class="k">public</span> <span class="k">function</span> <span class="n">up</span><span class="p">():</span> <span class="kt">void</span> <span class="p">{</span> <span class="nc">Schema</span><span class="o">::</span><span class="nf">create</span><span class="p">(</span><span class="s1">'admins'</span><span class="p">,</span> <span class="k">function</span> <span class="p">(</span><span class="kt">Blueprint</span> <span class="nv">$table</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">id</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">string</span><span class="p">(</span><span class="s1">'name'</span><span class="p">);</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">string</span><span class="p">(</span><span class="s1">'email'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">unique</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">timestamp</span><span class="p">(</span><span class="s1">'email_verified_at'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">nullable</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">string</span><span class="p">(</span><span class="s1">'password'</span><span class="p">);</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">rememberToken</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">timestamps</span><span class="p">();</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// Next code</span> </code></pre> </div> <h3> Admin Model </h3> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="cp">&lt;?php</span> <span class="kn">namespace</span> <span class="nn">App\Models</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Laravel\Sanctum\HasApiTokens</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Notifications\Notifiable</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Database\Eloquent\Factories\HasFactory</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Foundation\Auth\User</span> <span class="k">as</span> <span class="nc">Authenticatable</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">Admin</span> <span class="kd">extends</span> <span class="nc">Authenticatable</span> <span class="p">{</span> <span class="kn">use</span> <span class="nc">HasFactory</span><span class="p">,</span> <span class="nc">Notifiable</span><span class="p">,</span> <span class="nc">HasApiTokens</span><span class="p">;</span> <span class="cd">/** * The attributes that are mass assignable. * * @var array&lt;int, string&gt; */</span> <span class="k">protected</span> <span class="nv">$fillable</span> <span class="o">=</span> <span class="p">[</span> <span class="s1">'name'</span><span class="p">,</span> <span class="s1">'email'</span><span class="p">,</span> <span class="s1">'password'</span><span class="p">,</span> <span class="p">];</span> <span class="c1">// Rest of the User model</span> <span class="p">}</span> </code></pre> </div> <p>Now, all you need to do is run migrations:</p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="w"> </span><span class="n">php</span><span class="w"> </span><span class="nx">artisan</span><span class="w"> </span><span class="nx">migrate</span><span class="w"> </span></code></pre> </div> <p>For faster tests, We can create an admin factory so we don't need create a register and login functionality</p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="w"> </span><span class="n">php</span><span class="w"> </span><span class="nx">artisan</span><span class="w"> </span><span class="nx">make:factory</span><span class="w"> </span><span class="nx">AdminFactory</span><span class="w"> </span><span class="nt">--model</span><span class="o">=</span><span class="n">Admin</span><span class="w"> </span></code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="cp">&lt;?php</span> <span class="kn">namespace</span> <span class="nn">Database\Factories</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Database\Eloquent\Factories\Factory</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Support\Facades\Hash</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Support\Str</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">AdminFactory</span> <span class="kd">extends</span> <span class="nc">Factory</span> <span class="p">{</span> <span class="k">public</span> <span class="k">function</span> <span class="n">definition</span><span class="p">():</span> <span class="kt">array</span> <span class="p">{</span> <span class="k">return</span> <span class="p">[</span> <span class="s1">'name'</span> <span class="o">=&gt;</span> <span class="nf">fake</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">name</span><span class="p">(),</span> <span class="s1">'email'</span> <span class="o">=&gt;</span> <span class="nf">fake</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">unique</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">safeEmail</span><span class="p">(),</span> <span class="s1">'email_verified_at'</span> <span class="o">=&gt;</span> <span class="nf">now</span><span class="p">(),</span> <span class="s1">'password'</span> <span class="o">=&gt;</span> <span class="nc">Hash</span><span class="o">::</span><span class="nf">make</span><span class="p">(</span><span class="s1">'password'</span><span class="p">),</span> <span class="s1">'remember_token'</span> <span class="o">=&gt;</span> <span class="nc">Str</span><span class="o">::</span><span class="nf">random</span><span class="p">(</span><span class="mi">10</span><span class="p">),</span> <span class="p">];</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Next, we need to call the factory in the database seeder in <code>database/seeders/DatabaseSeeder.php</code>.</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="kn">namespace</span> <span class="nn">Database\Seeders</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">App\Models\User</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">App\Models\Admin</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">Illuminate\Database\Seeder</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">DatabaseSeeder</span> <span class="kd">extends</span> <span class="nc">Seeder</span> <span class="p">{</span> <span class="cd">/** * Seed the application's database. */</span> <span class="k">public</span> <span class="k">function</span> <span class="n">run</span><span class="p">():</span> <span class="kt">void</span> <span class="p">{</span> <span class="nc">User</span><span class="o">::</span><span class="nf">factory</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">create</span><span class="p">([</span> <span class="s1">'name'</span> <span class="o">=&gt;</span> <span class="s1">'User'</span><span class="p">,</span> <span class="s1">'email'</span> <span class="o">=&gt;</span> <span class="s1">'user@example.com'</span><span class="p">,</span> <span class="p">]);</span> <span class="nc">Admin</span><span class="o">::</span><span class="nf">factory</span><span class="p">()</span><span class="o">-&gt;</span><span class="nf">create</span><span class="p">([</span> <span class="s1">'name'</span> <span class="o">=&gt;</span> <span class="s1">'Admin'</span><span class="p">,</span> <span class="s1">'email'</span> <span class="o">=&gt;</span> <span class="s1">'admin@example.com'</span><span class="p">,</span> <span class="p">]);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Then don't forget to run this command:</p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="w"> </span><span class="n">php</span><span class="w"> </span><span class="nx">artisan</span><span class="w"> </span><span class="nx">db:seed</span><span class="w"> </span></code></pre> </div> <p>After finishing setting up models and migrations, we will start configuring the guards.</p> <h2> 3. Configure the Guards </h2> <p>Navigate to the <code>config/auth.php</code> directory.</p> <p>You'll see all the options for the existing guards, which are web and API. <br> The default guard is web, and the default password reset broker is users. <br> Let's write our guards first:</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="s1">'guards'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'user'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'driver'</span> <span class="o">=&gt;</span> <span class="s1">'sanctum'</span><span class="p">,</span> <span class="s1">'provider'</span> <span class="o">=&gt;</span> <span class="s1">'users'</span><span class="p">,</span> <span class="p">],</span> <span class="s1">'admin'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'driver'</span> <span class="o">=&gt;</span> <span class="s1">'sanctum'</span><span class="p">,</span> <span class="s1">'provider'</span> <span class="o">=&gt;</span> <span class="s1">'admins'</span><span class="p">,</span> <span class="p">]</span> <span class="p">],</span> </code></pre> </div> <p>You can keep the web and api guards, but in our case, we won't need them. <br> Now, let's define the providers, which specify how users are retrieved from our database:</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="s1">'providers'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'users'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'driver'</span> <span class="o">=&gt;</span> <span class="s1">'eloquent'</span><span class="p">,</span> <span class="s1">'model'</span> <span class="o">=&gt;</span> <span class="nc">App\Models\User</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="p">],</span> <span class="s1">'admins'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'driver'</span> <span class="o">=&gt;</span> <span class="s1">'eloquent'</span><span class="p">,</span> <span class="s1">'model'</span> <span class="o">=&gt;</span> <span class="nc">App\Models\Admin</span><span class="o">::</span><span class="n">class</span><span class="p">,</span> <span class="p">]</span> <span class="p">]</span> </code></pre> </div> <p>Next, let's define the password reset tables for the providers:</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="s1">'passwords'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'users'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'provider'</span> <span class="o">=&gt;</span> <span class="s1">'users'</span><span class="p">,</span> <span class="s1">'table'</span> <span class="o">=&gt;</span> <span class="nf">env</span><span class="p">(</span><span class="s1">'AUTH_PASSWORD_RESET_TOKEN_TABLE'</span><span class="p">,</span> <span class="s1">'password_reset_tokens'</span><span class="p">),</span> <span class="s1">'expire'</span> <span class="o">=&gt;</span> <span class="mi">60</span><span class="p">,</span> <span class="s1">'throttle'</span> <span class="o">=&gt;</span> <span class="mi">0</span><span class="p">,</span> <span class="c1">// default 60 but we set it to 0 for testing</span> <span class="p">],</span> <span class="s1">'admins'</span> <span class="o">=&gt;</span> <span class="p">[</span> <span class="s1">'provider'</span> <span class="o">=&gt;</span> <span class="s1">'admins'</span><span class="p">,</span> <span class="s1">'table'</span> <span class="o">=&gt;</span> <span class="nf">env</span><span class="p">(</span><span class="s1">'AUTH_PASSWORD_RESET_TOKEN_TABLE'</span><span class="p">,</span> <span class="s1">'password_reset_tokens'</span><span class="p">),</span> <span class="s1">'expire'</span> <span class="o">=&gt;</span> <span class="mi">60</span><span class="p">,</span> <span class="s1">'throttle'</span> <span class="o">=&gt;</span> <span class="mi">0</span><span class="p">,</span> <span class="c1">// default 60 but we set it to 0 for testing</span> <span class="p">],</span> <span class="p">],</span> </code></pre> </div> <p>For now, let's stick to the default password reset tokens table. However, you can create a new table by running this command:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> php artisan make:migration create_admin_password_reset_tokens </code></pre> </div> <p>Then, define the table like this:</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="c1">// Previous code</span> <span class="k">public</span> <span class="k">function</span> <span class="n">up</span><span class="p">():</span> <span class="kt">void</span> <span class="p">{</span> <span class="nc">Schema</span><span class="o">::</span><span class="nf">create</span><span class="p">(</span><span class="s1">'admin_password_reset_tokens'</span><span class="p">,</span> <span class="k">function</span> <span class="p">(</span><span class="kt">Blueprint</span> <span class="nv">$table</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">string</span><span class="p">(</span><span class="s1">'email'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">primary</span><span class="p">();</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">string</span><span class="p">(</span><span class="s1">'token'</span><span class="p">);</span> <span class="nv">$table</span><span class="o">-&gt;</span><span class="nf">timestamp</span><span class="p">(</span><span class="s1">'created_at'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">nullable</span><span class="p">();</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// Next code</span> </code></pre> </div> <p>Don't forget to run migrations after creating it.</p> <p>Because we deleted the web guard, let's make the default guard <code>users</code> by adding a new <code>AUTH_GUARD</code> variable in the <code>.env</code> file. </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">AUTH_GUARD</span><span class="o">=</span>user </code></pre> </div> <p>You can also change the password broker by setting the <code>AUTH_PASSWORD_BROKER</code> variable.</p> <p>Next up, we will set up controllers to handle password reset requests for both users and admins.</p> <h2> 4. Setting Up the Mail Provider </h2> <p>If you have already done it jump to the next step.<br> There are a lot of free options but the fastest is to use log which is the default but I will use <a href="https://mailtrap.io/home" rel="noopener noreferrer">Mailtrap</a></p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">MAIL_MAILER</span><span class="o">=</span>smtp <span class="nv">MAIL_HOST</span><span class="o">=</span>sandbox.smtp.mailtrap.io <span class="nv">MAIL_PORT</span><span class="o">=</span>2525 <span class="nv">MAIL_USERNAME</span><span class="o">=</span><span class="c">#############</span> <span class="nv">MAIL_PASSWORD</span><span class="o">=</span><span class="c">#############</span> <span class="nv">MAIL_ENCRYPTION</span><span class="o">=</span>null <span class="nv">MAIL_FROM_ADDRESS</span><span class="o">=</span><span class="s2">"hisham@example.com"</span> <span class="nv">MAIL_FROM_NAME</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">APP_NAME</span><span class="k">}</span><span class="s2">"</span> </code></pre> </div> <h2> 5. Setting Up the Controllers </h2> <p>Let's proceed with setting up reset controllers for admins.</p> <ol> <li>Forgot Link Controller This controller will handle sending a reset link to the admin's email. ```powesherll </li> </ol> <p>php artisan make:controller Admin/Auth/AdminForgotPasswordController -i</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>the `-i` will make it an invokable class because we want it to do only one thing Now, let's define the controller: `Admin/Auth/AdminForgotPasswordController.php` ```php &lt;?php namespace App\Http\Controllers\Admin\Auth; use Illuminate\Http\Request; use App\Http\Controllers\Controller; use Illuminate\Support\Facades\Password; class AdminForgotPasswordController extends Controller { /** * Handle the incoming request. */ public function __invoke(Request $request) { $request-&gt;validate([ 'email' =&gt; ['required', 'email'], ]); $status = Password::broker('admins')-&gt;sendResetLink( $request-&gt;only('email') ); return $status === Password::RESET_LINK_SENT ? response()-&gt;json(['message' =&gt; __($status)]) : response()-&gt;json(['message' =&gt; __($status)], 400); } } </code></pre> </div> <p>This process involves extracting the email from the request using the Password facade and define which broker we will use which we already defined in the passwords option in <code>config/auth.php</code></p> <p>We then check the status returned by the <code>sendResetLink</code> method. <br> If the email is successfully sent, we return the status with a success code; otherwise, we return a 400 code. <br> While for security reasons, you could always return a success message regardless of whether the email exists or not, we'll stick to the current approach for now.</p> <ol> <li>Reset Password Controller This controller handles the resetting of passwords ```powesherll </li> </ol> <p>php artisan make:controller Admin/Auth/AdminResetPasswordController -i</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> `Admin/Auth/AdminResetPasswordController.php` ```php &lt;?php namespace App\Http\Controllers\Admin\Auth; use Illuminate\Http\Request; use App\Http\Controllers\Controller; use App\Models\Admin; use Illuminate\Support\Facades\Hash; use Illuminate\Support\Facades\Password; class AdminResetPasswordController extends Controller { /** * Handle the incoming request. */ public function __invoke(Request $request) { $request-&gt;validate([ 'token' =&gt; ['required'], 'email' =&gt; ['required', 'email'], 'password' =&gt; ['required', 'confirmed', 'min:8'], ]); $status = Password::broker('admins')-&gt;reset( $request-&gt;only('email', 'password', 'password_confirmation', 'token'), function (Admin $admin, string $password) { $admin-&gt;forceFill([ 'password' =&gt; Hash::make($password) ]); $admin-&gt;save(); } ); return $status === Password::PASSWORD_RESET ? response()-&gt;json(['message' =&gt; __($status)]) : response()-&gt;json(['message' =&gt; __($status)], 400); } } </code></pre> </div> <p>Here, we receive four inputs from the client: <code>token</code>, <code>email</code>, <code>password</code>, and <code>password_confirmation</code>.</p> <p>We then use another function from the Password facade called <code>reset</code>. <br> This function takes the provided credentials and a callback function. First, it verifies the credentials. If they are valid, it executes the callback function. In this function, the old password is replaced with the new password. <br> You can customize this function as needed.</p> <p>Now the reset controllers for users</p> <ol> <li>Forgot Password Controller ```powesherll </li> </ol> <p>php artisan make:controller User/Auth/UserForgotPasswordController -i</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>It will be the same as the admins' controller the only difference will be the broker. ```php &lt;?php namespace App\Http\Controllers\User\Auth; use Illuminate\Http\Request; use App\Http\Controllers\Controller; use Illuminate\Support\Facades\Password; class UserForgotPasswordController extends Controller { /** * Handle the incoming request. */ public function __invoke(Request $request) { // Previous Code $status = Password::broker('users')-&gt;sendResetLink( $request-&gt;only('email') ); // Next code } } </code></pre> </div> <ol> <li>Reset Password Controller ```powesherll </li> </ol> <p>php artisan make:controller User/Auth/UserResetPasswordController -i</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>It will be the same as the admins' controller the only difference will be the broker. ```php &lt;?php namespace App\Http\Controllers\User\Auth; use App\Models\User; use Illuminate\Http\Request; use App\Http\Controllers\Controller; use Illuminate\Support\Facades\Hash; use Illuminate\Support\Facades\Password; class ResetPasswordController extends Controller { /** * Handle the incoming request. */ public function __invoke(Request $request) { // Previous code $status = Password::broker('users')-&gt;reset( $request-&gt;only('email', 'password', 'password_confirmation', 'token'), function (User $user, string $password) { $user-&gt;forceFill([ 'password' =&gt; Hash::make($password) ]); $user-&gt;save(); } ); // Next Code } } </code></pre> </div> <p>Congratulations You are almost finished! The next step is defining the redirect frontend URL that the email will send the client to</p> <h2> 6. Configuring the Redirect URL </h2> <p>Navigate to the <code>app/Providers/AppServiceProvider.php</code> directory.</p> <p>We want to customize the reset link based on the user type. <br> We'll achieve this by using the <code>createUrlUsing</code> method from the <code>ResetPassword</code> notification class. <br> For now, we'll hardcode the link, but ideally, it should be defined elsewhere.</p> <p>Now, let's define what we want in the <code>boot</code> function:</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="kn">use</span> <span class="nc">Illuminate\Auth\Notifications\ResetPassword</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">App\Models\User</span><span class="p">;</span> <span class="kn">use</span> <span class="nc">App\Models\Admin</span><span class="p">;</span> <span class="c1">// ...</span> <span class="k">public</span> <span class="k">function</span> <span class="n">boot</span><span class="p">():</span> <span class="kt">void</span> <span class="p">{</span> <span class="nc">ResetPassword</span><span class="o">::</span><span class="nf">createUrlUsing</span><span class="p">(</span><span class="k">function</span> <span class="p">(</span><span class="nv">$user</span><span class="p">,</span> <span class="kt">string</span> <span class="nv">$token</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">match</span> <span class="p">(</span><span class="kc">true</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$user</span> <span class="k">instanceof</span> <span class="nc">Admin</span> <span class="o">=&gt;</span> <span class="s1">'http://admin.our-website/reset-password'</span> <span class="mf">.</span> <span class="s1">'?token='</span> <span class="mf">.</span> <span class="nv">$token</span> <span class="mf">.</span> <span class="s1">'&amp;email='</span> <span class="mf">.</span> <span class="nb">urlencode</span><span class="p">(</span><span class="nv">$user</span><span class="o">-&gt;</span><span class="n">email</span><span class="p">),</span> <span class="nv">$user</span> <span class="k">instanceof</span> <span class="nc">User</span> <span class="o">=&gt;</span> <span class="s1">'http://our-website/reset-password'</span> <span class="mf">.</span> <span class="s1">'?token='</span> <span class="mf">.</span> <span class="nv">$token</span> <span class="mf">.</span> <span class="s1">'&amp;email='</span> <span class="mf">.</span> <span class="nb">urlencode</span><span class="p">(</span><span class="nv">$user</span><span class="o">-&gt;</span><span class="n">email</span><span class="p">),</span> <span class="c1">// other user types</span> <span class="k">default</span> <span class="o">=&gt;</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">\Exception</span><span class="p">(</span><span class="s2">"Invalid user type"</span><span class="p">),</span> <span class="p">};</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>All that's left is to define the routes!</p> <h2> 7. Add the API Routes </h2> <p>Navigate to <code>routes/api.php</code></p> <p>Next, write the following routes or customize them according to your needs:</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="nc">Route</span><span class="o">::</span><span class="nf">prefix</span><span class="p">(</span><span class="s1">'admin'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">group</span><span class="p">(</span><span class="k">function</span> <span class="p">()</span> <span class="p">{</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">post</span><span class="p">(</span><span class="s1">'/forgot-password'</span><span class="p">,</span> <span class="nc">AdminForgotPasswordController</span><span class="o">::</span><span class="n">class</span><span class="p">);</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">post</span><span class="p">(</span><span class="s1">'/reset-password'</span><span class="p">,</span> <span class="nc">AdminResetPasswordController</span><span class="o">::</span><span class="n">class</span><span class="p">);</span> <span class="p">});</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">prefix</span><span class="p">(</span><span class="s1">'user'</span><span class="p">)</span><span class="o">-&gt;</span><span class="nf">group</span><span class="p">(</span><span class="k">function</span> <span class="p">()</span> <span class="p">{</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">post</span><span class="p">(</span><span class="s1">'/forgot-password'</span><span class="p">,</span> <span class="nc">UserForgotPasswordController</span><span class="o">::</span><span class="n">class</span><span class="p">);</span> <span class="nc">Route</span><span class="o">::</span><span class="nf">post</span><span class="p">(</span><span class="s1">'/reset-password'</span><span class="p">,</span> <span class="nc">UserResetPasswordController</span><span class="o">::</span><span class="n">class</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>After following these steps, your API setup is complete! You can now freely test your API endpoints.</p> <p>Next, let's proceed with testing the APIs using HTTPie on one user we created above.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsw7qx02htrento0mcn7r.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsw7qx02htrento0mcn7r.png" alt="User Forgot Password API Request"></a><br> As you can see the forgot password API successfully sent the password reset link to the email address.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiw7nun5k27worwns3hq2.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiw7nun5k27worwns3hq2.png" alt="Reset Password Email"></a><br> The reset password link that was sent is <code>http://our-website/reset-password?token=83f932629e3489972c49897bdcd462beae29c0af8c5079fe8c553cc542030d3d&amp;email=user%40example.com</code>. <br> Upon redirection to this link, the front end will retrieve the token and email from the URL, allowing the user to set a new password.</p> <p>Now let's try the reset password API<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1057zrh19fymwu9gkd23.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1057zrh19fymwu9gkd23.png" alt="User Reset Password API Request"></a><br> As we expected!</p> <p>Similar results can be expected for the Admin APIs, with the only difference being the structure of the reset link.</p> <p>I hope this article has been helpful to you. I've aimed to keep it as simple as possible, covering the essential details. While there are additional aspects we haven't got into, perhaps they could be explored in a future article. Thank you for reading!</p> laravel api backend php