Restrict Laravel API access to given frontend(s) only

Question

I'm using Laravel as API with Passport and Password Grant Token.

When no user is logged in, frontends still needs to access API routes to get misc data or to register a user. How should I protect these routes, used by a given frontend (set in api.php), to be only accessible by a frontend ?

Answer 1

You can restrict access to your API in the cors.php configuration file. You can set which domains are allowed to access your API in the allowed_origins header. It's a very easy way to achieve this without much hassle.