Laravel API Redirects to Login Route Despite Valid Bearer Token
I’ve created a REST API with Laravel 12 and I’m using Sanctum for authentication. My routes are defined in the api.php file.
When I try to access an authenticated route from an administrator account using Postman, the request is unexpectedly redirected to the named login route, and I receive the following error:
Missing required parameter for [Route: login] [URI: api/login/{type}] [Missing parameter: type]
*
I am sending a POST request to the following endpoint: /api/administrateur/categories.
I have confirmed that I am including a valid Bearer Token from a successful administrator login in my request headers. The token is valid and should grant me access to the authenticated routes. I believe the issue lies within the Sanctum authentication middleware, as the application seems to be failing to recognize my token and instead redirects me to the login route.
Here is my api.php file for reference:
<?php
use IlluminateHttpRequest;
use IlluminateSupportFacadesRoute;
use AppHttpControllersAuthentificationController;
use AppHttpControllersClientController;
use AppHttpControllersEntrepriseController;
use AppHttpControllersAdministrateurController;
use AppHttpControllersProduitController;
use AppHttpControllersDevisController;
use AppHttpControllersCommentaireController;
use AppHttpControllersCategorieController;
Route::post('/register', [AuthentificationController::class, 'register']);
Route::post('/login/{type}', [AuthentificationController::class, 'login'])->name('login');
Route::get('/categories', [CategorieController::class, 'index']);
Route::get('/categories/{id}', [CategorieController::class, 'show']);
Route::get('/produits', [ProduitController::class, 'index']);
Route::get('/produits/{id}', [ProduitController::class, 'show']);
Route::get('/entreprises', [EntrepriseController::class, 'index']);
Route::get('/entreprises/{id}', [EntrepriseController::class, 'show']);
Route::middleware('auth:sanctum')->group(function () {
Route::post('/logout', [AuthentificationController::class, 'logout']);
Route::prefix('client')->middleware('authentification.type:client')->group(function () {
Route::get('/profile', [ClientController::class, 'showProfile']);
Route::put('/profile', [ClientController::class, 'updateProfile']);
Route::get('/commentaires', [CommentaireController::class, 'index']);
Route::post('/commentaires', [CommentaireController::class, 'store']);
Route::get('/commentaires/{commentaire}', [CommentaireController::class, 'show']);
Route::put('/commentaires/{commentaire}', [CommentaireController::class, 'update']);
Route::delete('/commentaires/{commentaire}', [CommentaireController::class, 'destroy']);
Route::get('/devis', [DevisController::class, 'index']);
Route::post('/devis', [DevisController::class, 'store']);
Route::get('/devis/{devi}', [DevisController::class, 'show']);
Route::put('/devis/{devi}', [DevisCont
type here
roller::class, 'update']);
Route::delete('/devis/{devi}', [DevisController::class, 'destroy']);
});
Route::prefix('entreprise')->middleware('authentification.type:entreprise')->group(function () {
Route::get('/profile', [EntrepriseController::class, 'showProfile']);
Route::put('/profile', [EntrepriseController::class, 'updateProfile']);
Route::post('/produits', [ProduitController::class, 'store']);
Route::put('/produits/{produit}', [ProduitController::class, 'update']);
Route::delete('/produits/{produit}', [ProduitController::class, 'destroy']);
Route::put('/devis/{id}/statut', [DevisController::class, 'updateStatus']);
});
Route::prefix('administrateur')->middleware('authentification.type:administrateur')->group(function () {
Route::get('/dashboard', [AdministrateurController::class, 'dashboardStats']);
Route::post('/entreprises/{id}/valider', [AdministrateurController::class, 'validerEntreprise']);
Route::post('/entreprises/{id}/refuser', [AdministrateurController::class, 'refuserEntreprise']);
Route::post('/entreprises', [AdministrateurController::class, 'store']);
Route::get('/entreprises', [AdministrateurController::class, 'indexEntreprises']);
Route::put('/entreprises/{entreprise}', [AdministrateurController::class, 'update']);
Route::delete('/entreprises/{entreprise}', [AdministrateurController::class, 'destroy']);
Route::get('/entreprises/{id}', [AdministrateurController::class, 'show']);
Route::post('/categories', [CategorieController::class, 'store'])->name('categories.store');
Route::put('/categories/{categorie}', [CategorieController::class, 'update'])->name('categories.update');
Route::delete('/categories/{categorie}', [CategorieController::class, 'destroy'])->name('categories.destroy');
});
});
What could be causing this redirect to the login page, even with a valid token? How can I fix this
