Links
Comment on page
🔐

Authentication

Saloon has built-in authentication methods for the most common authentication types. You should use these on your connector if you would like the authentication to be used on all requests.

Authorization "Bearer" Tokens

The withTokenAuth method can be used when a Authorization: Bearer header is required.
Definition
Result
class ForgeConnector extends Connector
{
// ...
public function __construct(string $token)
{
$this->withTokenAuth($token, 'Bearer');
}
}
$forge = new ForgeConnector('my-token');
// Sends Header: "Authorization: Bearer my-token"

Basic Auth (Base64 Encoded)

The withBasicAuth method can be used when a Authorization: Basic header is required.
Definition
Result
class ForgeConnector extends Connector
{
// ...
public function __construct(string $username, string $password)
{
$this->withBasicAuth($username, $password);
}
}
$forge = new ForgeConnector('username', 'password');
// Sends Header: "Authorization: Basic ..."

Query Parameter

The withQueryAuth method can be used to add a query parameter for authentication.
Definition
Result
class ForgeConnector extends Connector
{
// ...
public function __construct(string $token)
{
$this->withQueryAuth('api-token', $token);
}
}
$forge = new ForgeConnector('my-token');
// Sends URL: "https://forge.laravel.com/api/v1?api-token=my-token"

Certificate Auth

The withCertificateAuth method can be used to authenticate with a custom client-side certificate. An optional password can be provided.
Definition
Result
class ForgeConnector extends Connector
{
// ...
public function __construct()
{
$this->withCertificateAuth('/path/certificate.pem', 'password');
}
}
$forge = new ForgeConnector();
// Sends Certificate: "/path/certificate.pem"

Custom Authentication

If your API uses a different way to authenticate, the recommended way is to use the methods likedefaultHeaders on your connector to define how the authentication is applied.
class ForgeConnector extends Connector
{
// ...
protected function defaultHeaders(): array
{
return [
'X-API-Key' => $this->token,
];
}
}
If your authentication requires further logic, you can also use the constructor of the connector to define these options.
class ForgeConnector extends Connector
{
public function __construct(
protected readonly string $certificatePath,
protected readonly string $certificatePassword,
protected readonly ?string $region = null,
) {
$this->withCertificateAuth($certificatePath, $certificatePassword);
if (isset($region)) {
$this->headers()->add('X-Region', $region);
}
}
}

APIs that require per-request authentication

Some APIs require an authentication token, such as a JWT, to be generated before each request. Usually, this is quite tricky to implement but with Saloon, you can use the boot method on your connector to make another request before the original was sent. Click here to read more.