name: Laravel API
description: REST and JSON API standards for modern Laravel backends.
metadata:
labels: [laravel, api, rest, json, sanctum]
triggers:
files: ['routes/api.php', 'app/Http/Resources/**/*.php']
keywords: [resource, collection, sanctum, passport, cors]
Laravel API
Priority: P1 (HIGH)
Structure
app/
└── Http/
├── Resources/ # Data transformation
└── Controllers/
└── Api/ # API specific logic
Implementation Guidelines
- API Resources: Always use Resources/Collections for JSON formatting.
- RESTful Actions: Follow standard naming (
index, store, update).
- Auth: Use Sanctum for SPAs/Mobile or Passport for OAuth2.
- Status Codes: Return appropriate HTTP codes (201 Created, 422 Unprocessable).
- Versioning: Prefix routes with version tags (e.g.,
api/v1/...).
- Rate Limiting: Configure
RateLimiter to protect public endpoints.
Anti-Patterns
- Raw Models: No raw model returns: Information leakage risk.
- Manual JSON: No response()->create(): Use API Resources.
- Session Auth: No sessions for APIs: Use Tokens (Sanctum).
- Hardcoded URLs: No static links in JSON: Use HATEOAS or route names.
References