I have a Laravel 4.2 application up and running. Currently it is using a CSRF token validation filter to control access to the routes, like so:
    Route::post(
        'program/{id}',
        [
            'as'     => 'program.add',
            'uses'   => 'SomeController@addProgram',
            'before' => 'csrf' // run the csrf filter before the controller action
        ]
    );
Filter code:
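    Route::filter('csrf', function () {
        // Strict comparison: loose != lets PHP type juggling treat
        // numeric-looking strings (e.g. "0e1" and "0e2") as equal.
        if (Session::token() !== Input::get('_token')) {
            throw new Illuminate\Session\TokenMismatchException();
        }
    });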
However, a new API is to be added. This API needs to be front-end agnostic (so I can't be using a CSRF token stored in session), it's going to be consumed by other systems, and I need an easy and fast way to validate access to these new routes.
The routes must remain accessible to unauthenticated users, but only for requests coming from specific applications.
How can I go about doing this? Would something like JWT work even if the API will be consumed by an application that uses no login?