A robust Laravel API starter template with built-in authentication, standardized JSON responses, and extendable controllers using reusable traits. Ideal for quickly bootstrapping secure and maintainable RESTful APIs.

Author: Mikiyas Birhanu
GitHub: @codewithmikee
Repo: github.com/codewithmikee/laravel-backend-starter-template

API documentation and collections (Postman, Swagger/OpenAPI) are stored in the docs/ folder at the project root.

• Postman Collection:

  • File: docs/postman_collection.json
  • Import this file into Postman to test all API endpoints quickly.
  • Includes example requests for registration, login, and profile fetch.

• Swagger/OpenAPI Spec:

  • File: docs/swagger.yaml
  • Use with Swagger UI, Redoc, or compatible tools for interactive API docs and code generation.
  • Describes all endpoints, request/response formats, and authentication requirements.

• Sanctum Authentication: Ready-to-use JWT-like token-based auth.
• Standardized Responses: Consistent JSON success/error formats via traits.
• Pre-configured Error Handling: Automatic exceptions for:
  • Validation (422)
  • Authorization (403)
  • Rate Limiting (429)
  • Model/Route Not Found (404)
• Extendable Base Controllers: Simplify CRUD operations with:
  • BaseApiController (General APIs)
  • ProtectedApiController (Auth-required endpoints)
• Reusable Controller Traits:
  • HandlesApiResponse: Standardizes API responses
  • HandlesValidation: Centralizes validation logic
  • HandlesAuth: Authenticated user and authorization helpers
• Middleware: Ensures all responses are JSON-formatted.

git clone https://github.com/codewithmikee/laravel-backend-starter-template.git
cd laravel-backend-starter-template
cp .env.example .env
composer install
php artisan key:generate

Update .env with your database credentials:

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel
DB_USERNAME=root
DB_PASSWORD=

php artisan migrate

php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"

Register
POST /api/auth/register

{
  "name": "John Doe",
  "email": "john@example.com",
  "password": "secret123"
}

Login
POST /api/auth/login

{
  "email": "john@example.com",
  "password": "secret123",
  "device_name": "iPhone"
}

Profile (Protected)
GET /api/profile
Header: Authorization: Bearer <token>

use App\Http\Controllers\Api\ProtectedApiController;

class UserController extends ProtectedApiController
{
    public function index()
    {
        return $this->handleRequest(
            fn() => User::all(),
            $this->request,
            'Users fetched successfully'
        );
    }
}

use App\Http\Controllers\Concerns\HandlesApiResponse;

class CustomController extends Controller
{
    use HandlesApiResponse;
    // ...
}

Throw errors directly in controllers:

$this->respondError('Resource not found', 404);

Success

{
  "success": true,
  "message": "Profile fetched successfully",
  "data": { "name": "John", "email": "john@example.com" },
  "errors": null
}

Error

{
  "success": false,
  "message": "Unauthorized",
  "data": null,
  "errors": {"authorization": "Unauthenticated"}
}

• Use BaseApiController for general endpoints.
• Extend ProtectedApiController for auth-required routes.
• Utilize validateRequest() in controllers for validation.
• Use controller traits for reusable logic.
• Environment-specific errors: Full details in local/staging, generic in production.

Happy Coding! 🚀
Maintained by Mikiyas Birhanu