Token authentication - where to store the token

春和景丽 2021-01-21 08:29

I am working with PHP and Laravel at the moment. I have a RESTful API that the user needs to authenticate with, to make sure they can only access things they own, etc.

Wha

1 answer
  • 2021-01-21 09:06

    I suggest going the following route:

    1. The user logs into your site and requests an API usage token.
    2. When a new request to your API comes in, compare the token from the incoming request with the token in the DB. If it is found, it's a valid request. The REST client could use the Authorization header to send the token.
    3. Send the answer for the request.

    While the login system of your website might be session-based with cookies on the client side, the REST API is token-based and doesn't need a cookie or session.

    Please take a look at this for more details: https://softwareengineering.stackexchange.com/a/141434/111803

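The three steps from the answer above, as an added plain-PHP example that is not part of the original post. The function names, the in-memory array standing in for the tokens table, the `Bearer` scheme and the choice to store only a SHA-256 hash of each token are assumptions made for this sketch.

```php
<?php
declare(strict_types=1);

// Stand-in for the tokens table: token hash => user id (assumption: a real app queries its database).
$tokenStore = [];

// Step 1: issue a token to a logged-in user. Only the SHA-256 hash is kept server-side.
function issueToken(array &$store, int $userId): string
{
    $token = bin2hex(random_bytes(32));        // 256 bits from the CSPRNG, 64 hex characters
    $store[hash('sha256', $token)] = $userId;  // a leaked table does not contain usable tokens
    return $token;                             // handed to the user once
}

// Pull the token out of an "Authorization: Bearer <token>" header value, or return null.
function bearerToken(?string $header): ?string
{
    if ($header !== null && preg_match('/^(?i:Bearer)\s+([0-9a-f]{64})\z/', trim($header), $m)) {
        return $m[1];
    }
    return null;
}

// Step 2: map the incoming request to a user id, or null when the token is absent or unknown.
function authenticate(array $store, ?string $header): ?int
{
    $token = bearerToken($header);
    if ($token === null) {
        return null;
    }
    // The lookup key is the digest, so the raw secret is never compared byte by byte.
    return $store[hash('sha256', $token)] ?? null;
}

// Step 3, as a constructed demo: user 42 obtains a token, then three requests arrive.
$token = issueToken($tokenStore, 42);
$cases = [
    'valid token'    => 'Bearer ' . $token,
    'unknown token'  => 'Bearer ' . str_repeat('0', 64),
    'missing header' => null,
];
foreach ($cases as $label => $header) {
    $userId = authenticate($tokenStore, $header);
    echo $label, ': ', $userId === null ? '401 Unauthorized' : "200 OK for user $userId", PHP_EOL;
}
```

In a Laravel controller or middleware the header value would come from the request object, and the returned user id is what scopes queries so each user only reaches their own records.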