Laravel Sanctum Postman Pre-request Login Script

readme.md

A helpful Postman Pre-request Script which will log you into Laravel Sanctum, using environment variables and attach the token as an Authorization header before calling the request.

pre-request.js

let token = pm.environment.get('token');

if (! token) {
  let email = pm.environment.get('email');
  let password = pm.environment.get('password');
  
  let loginRequest = {
    url: loginUrl = pm.environment.get('url') + '/api/login',
    method: 'POST',
    headers: {
      Accept: 'application/json',
      'Content-Type': 'multipart/form-data',
    },
    body: {
      'mode': 'formdata',
      'formdata': [
        {'key':'email', 'value': email},
        {'key':'password', 'value': password},
        {'key': 'device_name', 'value': 'postman'}
      ]
    }
  };

  pm.sendRequest(loginRequest, function(err, res) {
    const token = res.json().data.token;

    pm.environment.set('token', token);
    pm.request.headers.upsert({
        key: 'Authorization',
        value: 'Bearer ' + token,
    });
  });
} else {
  pm.request.headers.upsert({
    key: 'Authorization',
    value: 'Bearer ' + token,
  });
}

routes.php

<?php
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use Illuminate\Validation\ValidationException;

Route::post('/login', function (Request $request) {
    $request->validate([
        'email'       => 'required|email',
        'password'    => 'required',
        'device_name' => 'required',
    ]);

    $user = User::where('email', $request->email)->first();

    if (! $user || ! Hash::check($request->password, $user->password)) {
        throw ValidationException::withMessages([
            'email' => ['The provided credentials are incorrect.'],
        ]);
    }

    return [
        'data' => [
            'token' => $user->createToken($request->device_name)->plainTextToken,
            'user'  => $user->only('id', 'name', 'email'),
        ],
    ];
});