Laravel API Best Practices

API quality determines application success. Modern Laravel APIs require proper versioning, authentication, and documentation. At ZIRA Software, these patterns power APIs serving millions of requests.

API Versioning

// routes/api.php
Route::prefix('v1')->group(function () {
    Route::apiResource('posts', Api\V1\PostController::class);
});

Route::prefix('v2')->group(function () {
    Route::apiResource('posts', Api\V2\PostController::class);
});

Consistent Response Format

// app/Traits/ApiResponse.php
trait ApiResponse
{
    protected function success($data, $message = null, $code = 200)
    {
        return response()->json([
            'success' => true,
            'message' => $message,
            'data' => $data,
        ], $code);
    }

    protected function error($message, $code = 400, $errors = null)
    {
        return response()->json([
            'success' => false,
            'message' => $message,
            'errors' => $errors,
        ], $code);
    }
}

API Resources

class PostResource extends JsonResource
{
    public function toArray($request)
    {
        return [
            'id' => $this->id,
            'title' => $this->title,
            'slug' => $this->slug,
            'excerpt' => $this->excerpt,
            'author' => new UserResource($this->whenLoaded('author')),
            'created_at' => $this->created_at->toISOString(),
        ];
    }
}

Rate Limiting

// app/Providers/RouteServiceProvider.php
RateLimiter::for('api', function (Request $request) {
    return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
});

// Custom limits
RateLimiter::for('uploads', function (Request $request) {
    return Limit::perMinute(10)->by($request->user()->id);
});

Authentication

// Sanctum for SPA/Mobile
Route::middleware('auth:sanctum')->group(function () {
    Route::get('/user', fn(Request $request) => $request->user());
    Route::apiResource('posts', PostController::class);
});

Documentation

/**
 * @OA\Get(
 *     path="/api/v1/posts",
 *     summary="List all posts",
 *     @OA\Response(response=200, description="Success"),
 *     @OA\Response(response=401, description="Unauthorized")
 * )
 */
public function index()
{
    return PostResource::collection(Post::paginate());
}

Conclusion

Well-designed APIs follow consistent patterns for versioning, responses, authentication, and documentation. These practices ensure maintainable, scalable APIs.

Need API development? Contact ZIRA Software for REST API architecture.