A step-by-step guide to creating a scalable, maintainable Laravel API starter—using real code, real repos, and real-world patterns.
Why This Guide?
- Consistent API responses (no more frontend confusion)
- Reusable traits (DRY, testable code)
- Extendable base controllers (easy to scale)
- Built-in authentication (Sanctum)
- Automated scaffolding (Artisan commands)
- Repo links for every step
1️⃣ Project Setup: Start Clean
a) Create a new Laravel project:
composer create-project laravel/laravel my-api
cd my-api
b) Add Sanctum for API auth:
composer require laravel/sanctum
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
php artisan migrate
c) Set up your API routes:
Edit routes/api.php and use the auth:sanctum middleware for protected endpoints:
Route::middleware('auth:sanctum')->get('/user', fn(Request $request) => $request->user());
2️⃣ Traits: The Secret to DRY, Consistent APIs
a) HandlesApiResponse
Standardize every response—success or error.
// app/Concerns/HandlesApiResponse.php
trait HandlesApiResponse
{
public function respondSuccess($data = null, string $message = '', int $status = 200)
{
return response()->json([
'success' => true,
'data' => $data,
'message' => $message,
'errors' => null
], $status);
}
public function respondError(string $message, int $code = 422, $errors = null)
{
return response()->json([
'success' => false,
'data' => null,
'message' => $message,
'errors' => $errors
], $code);
}
}
b) HandlesValidation
Centralize validation logic.
// app/Concerns/HandlesValidation.php
trait HandlesValidation
{
public function validateRequest(Request $request, array $rules)
{
return $request->validate($rules);
}
}
Usage Example:
class UserController extends BaseApiController
{
public function store(Request $request)
{
$data = $this->validateRequest($request, [
'email' => 'required|email|unique:users'
]);
return $this->respondSuccess(User::create($data), 'User created', 201);
}
}
3️⃣ Base Controllers: Your API's Foundation
a) BaseApiController
Centralize traits and error handling.
class BaseApiController extends Controller
{
use HandlesApiResponse, HandlesValidation;
public function handleRequest(callable $action, string $successMessage)
{
try {
$result = $action();
return $this->respondSuccess($result, $successMessage);
} catch (Throwable $e) {
return $this->respondError($e->getMessage());
}
}
}
b) ProtectedApiController
Auto-protect endpoints with Sanctum.
class ProtectedApiController extends BaseApiController
{
public function __construct()
{
$this->middleware('auth:sanctum');
}
}
Usage Example:
ProfileController Example
class ProfileController extends ProtectedApiController
{
public function index()
{
return $this->respondSuccess(auth()->user(), 'Profile loaded');
}
}
4️⃣ Automate with Artisan: No More Boilerplate
Create a custom command to scaffold controllers, requests, and resources:
php artisan make:api-resource Post
This generates:
PostControllerPostResource-
StorePostRequest/UpdatePostRequest PostPolicy
5️⃣ Response Standards: Make Frontend Happy
Success:
{
"success": true,
"data": { "id": 1, "name": "John" },
"message": "User loaded",
"errors": null
}
Error:
{
"success": false,
"data": null,
"message": "Validation failed",
"errors": { "email": ["Invalid email"] }
}
6️⃣ Your Next Steps
- Clone the boilerplate or this variant.
- Run
php artisan serve. - Build your first endpoint in minutes.
- Try the challenge: Add a
DELETE /posts/{id}endpoint with ownership checks (solution here).
Why This Works
- No more spaghetti code: Traits and base controllers keep things DRY and testable.
- Frontend-friendly: Predictable, consistent responses.
- Easy to extend: Add features without rewriting core logic.
- Battle-tested: Used in real projects (see repo stars & issues).
References & Further Reading
- codewithmikee/laravel-backend-starter-template
- codewithmikee/laravel-api-boilerplate
- Laravel Docs
- Sanctum Docs
Ready to build? Fork, clone, and make it yours!
Questions? Open an issue on the repo or reach out to the community.
Top comments (0)