mid · Laravel
What is Laravel Sanctum and how does it work?
Updated May 16, 2026
Short answer
Sanctum provides lightweight authentication for SPAs and APIs using tokens or cookies.
Deep explanation
Laravel Sanctum supports two authentication modes: API tokens for mobile apps and cookie-based sessions for SPAs. It is simpler than Passport and ideal for first-party applications. Tokens are stored in the database and can be scoped to limit their permissions.
Real-world example
Used in React/Vue SPAs communicating with Laravel backend APIs.
Common mistakes
- Using Sanctum for complex OAuth scenarios where Passport is needed.
Follow-up questions
- Sanctum vs Passport?
- What are API tokens?