I have an app that is still under development, yet it is already deployed and live on the server. To protect it from being visited by boots or humans who should not see it yet, I have enabled Basic Auth via server provisioning dashboard (I use runcloud) not Laravel itself.
This all works fine, but because the app integrates payments I had to implement POST route (webhook) for external payment provider to hit it whenever it has to confirm payment. This single route should not be behind basic auth, otherwise payment provider is getting HTTP 401.
So I have:
- disabled basic auth on the provisioning dashboard
- enabled basic auth on Laravel level by adding
auth.basicmiddleware to all my routes except the webhook one.
Route::post('/payments/verify', [PaymentsController::class, 'verify'])
->name('payments.verify')
->withoutMiddleware('auth.basic');
This also works but by default, Laravel will use email and password from users table for credentials. I don’t want this. I want a fixed & simple credentials for everyone like “foo” / “bar”.
How can I do this in Laravel 11?