How to Get the Bearer Token from a Request in Laravel

Extract and use Bearer tokens from Authorization headers in Laravel for API authentication. Works with Sanctum, Passport, and custom implementations.

Problem

You need to extract the Bearer token from the Authorization header to authenticate API requests or perform custom token validation.

Solution

Use Laravel's built-in bearerToken() method:

// In a controller or middleware
public function someMethod(Request $request)
{
    $token = $request->bearerToken();
    
    if (!$token) {
        return response()->json(['error' => 'Token not provided'], 401);
    }
    
    // Use the token
    // $token contains the token string without "Bearer " prefix
}

Alternative methods:

// Method 1: Using header() method
$authHeader = $request->header('Authorization');
$token = null;

if ($authHeader && str_starts_with($authHeader, 'Bearer ')) {
    $token = substr($authHeader, 7);
}

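// Method 2: In middleware
public function handle($request, Closure $next)
{
    $token = $request->bearerToken();

    // Reject requests without a token before hashing: bearerToken() returns null here
    if (!$token) {
        return response()->json(['message' => 'Unauthorized'], 401);
    }

    // Validate token manually: the api_token column holds the SHA-256 hash, not the plaintext
    $user = User::where('api_token', hash('sha256', $token))->first();

    if (!$user) {
        return response()->json(['message' => 'Unauthorized'], 401);
    }

    // Authenticate for this request only; login() would also write the user to the session
    auth()->setUser($user);

    return $next($request);
}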

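// Method 3: With Sanctum
if ($user = $request->user('sanctum')) {
    // ->token is the SHA-256 hash stored in personal_access_tokens, not the plaintext
    // the client sent; use $request->bearerToken() when you need the plaintext.
    // For cookie-authenticated SPA requests currentAccessToken() is a TransientToken
    // with no stored hash.
    $token = $user->currentAccessToken()->token;
}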

Why It Works

The bearerToken() method automatically extracts tokens from the Authorization: Bearer {token} header format. It handles the parsing and returns just the token value, removing the "Bearer " prefix. This is the standard format for API authentication tokens.

For custom implementations or when you need the raw header:

// Get raw authorization header
$fullHeader = $request->header('Authorization'); // "Bearer your-token-here"

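// Check if token exists in different formats.
// Tokens sent in the query string end up in access logs, browser history and
// Referer headers, so keep these fallbacks only for clients that cannot set headers.
$token = $request->bearerToken()
    ?? $request->query('api_token')
    ?? $request->input('api_token');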
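
The manual parsing from Method 1 and the hashed lookup from Method 2, combined in a stand-alone script that runs with the PHP 8 CLI. This is an added example, not code from the original article and not Laravel's internal implementation; the function names, the in-memory `$store` and the sample headers are constructed for illustration.

```php
<?php
declare(strict_types=1);

/** Return the token from an Authorization header value, or null if it is not a usable Bearer credential. */
function extractBearerToken(?string $header): ?string
{
    if ($header === null) {
        return null;
    }
    // HTTP auth scheme names are case-insensitive; require a non-empty token with no whitespace.
    if (!preg_match('/^Bearer\s+(\S+)$/i', trim($header), $m)) {
        return null;
    }
    return $m[1];
}

/** Find the owner of a token in a store keyed by SHA-256 hash (hypothetical stand-in for the users table). */
function findTokenOwner(?string $token, array $hashedTokens): ?string
{
    if ($token === null) {
        return null; // never hash or look up a missing token
    }
    $candidate = hash('sha256', $token);
    foreach ($hashedTokens as $storedHash => $owner) {
        // hash_equals compares in constant time
        if (hash_equals((string) $storedHash, $candidate)) {
            return $owner;
        }
    }
    return null;
}

// Constructed sample data: only the hash of the token is stored.
$store = [hash('sha256', 'demo-token-123') => 'alice'];
$headers = [
    'Bearer demo-token-123',  // valid
    'bearer demo-token-123',  // valid, scheme in lower case
    'Bearer ',                // scheme without a token
    'Basic dXNlcjpwYXNz',     // different scheme
    'Bearer wrong-token',     // well-formed but unknown
    null,                     // header absent
];
foreach ($headers as $h) {
    $owner = findTokenOwner(extractBearerToken($h), $store);
    printf("%-26s => %s\n", var_export($h, true), $owner ?? '401 Unauthorized');
}
```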
