How to secure communication between Laravel and Lumen?


Laravel backend will be accessing to Lumen via API using Guzzle.

I don't need a database in Lumen, so how can I add security between Laravel and Lumen? As far I am aware if I need pass token I would database access in Lumen.

Lumen is for internal use, which is not for the public to access.

I would do it like this:

  • Store a key in your .env of your laravel installation, call it LUMEN_API_TOKEN
  • Do the same on the Lumen side
  • Create the API endpoint on the Lumen side, as explained in its documentation
  • Use Token authentication, to authenticate any client connecting to the Lumen Endpoint(s). The key provided by the connector, needs to be equal to LUMEN_API_TOKEN
  • for token authentication you can use a header key, or simply a GET-Parameter...something like http://your_Lumen_site/endpoint?token=12345
  • Use Guzzle on Laravel to connect to Lumen