This skill helps you design and implement Laravel RESTful APIs using API Resources, Sanctum authentication, and versioned routes for scalable, secure endpoints.
`npx playbooks add skill fusengine/agents --skill laravel-api`

Review the files below or copy the command above to add this skill to your agents.
---
name: laravel-api
description: Build RESTful APIs with Laravel using API Resources, Sanctum authentication, rate limiting, and versioning. Use when creating API endpoints, transforming responses, or handling API authentication.
versions:
  laravel: "12.46"
  php: "8.5"
user-invocable: true
references: references/routing.md, references/controllers.md, references/middleware.md, references/requests.md, references/responses.md, references/validation.md, references/pagination.md, references/http-client.md, references/rate-limiting.md, references/redirects.md, references/urls.md, references/strings.md
related-skills: laravel-auth, laravel-eloquent, laravel-testing
---
# Laravel API Development
## Agent Workflow (MANDATORY)
Before ANY implementation, use `TeamCreate` to spawn 3 agents:
1. **fuse-ai-pilot:explore-codebase** - Analyze existing API patterns
2. **fuse-ai-pilot:research-expert** - Verify Laravel API docs via Context7
3. **mcp__context7__query-docs** - Check API Resources and Sanctum patterns
After implementation, run **fuse-ai-pilot:sniper** for validation.
---
## Overview
Build RESTful APIs with Laravel using API Resources for response transformation and Sanctum for authentication.
| Component | Purpose |
|-----------|---------|
| **Controllers** | Handle requests, delegate to services |
| **Form Requests** | Validate input, authorize actions |
| **API Resources** | Transform models to JSON |
| **Middleware** | Auth, rate limiting, CORS |
| **Routes** | Versioned endpoints with groups |
| **Pagination** | Offset/cursor pagination |
| **HTTP Client** | Consume external APIs |
---
## Critical Rules
1. **Always use API Resources** - Never return Eloquent models directly
2. **Versioned routes** - Prefix with `/v1/`, `/v2/`
3. **Validate all input** - Use Form Requests, not inline validation
4. **Rate limiting** - Configure per-route limits
5. **Consistent responses** - Same structure, proper status codes
6. **Use services** - Keep controllers thin
7. **Eager load** - Prevent N+1 with `with()` before pagination
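
Rules 1 and 7 applied together, as an added example that is not one of the skill's own templates: the resource lists every exposed field explicitly, so model columns never reach the response by default, and the controller eager loads before paginating. The `Post` model, its columns (with `published_at` cast to a datetime) and the `author` relation are assumptions.

```php
<?php
// Two files shown in one listing. Model, column and relation names are assumptions.

namespace App\Http\Resources;   // app/Http/Resources/PostResource.php

use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;

class PostResource extends JsonResource
{
    public function toArray(Request $request): array
    {
        // Explicit allowlist: a column added to the posts table later
        // stays out of the API until it is listed here.
        return [
            'id'           => $this->id,
            'title'        => $this->title,
            'body'         => $this->body,
            'published_at' => $this->published_at?->toIso8601String(),
            // Included only when the controller eager loaded the relation,
            // so the resource never triggers one lazy query per row (N+1).
            'author'       => $this->whenLoaded('author', fn () => [
                'id'   => $this->author->id,
                'name' => $this->author->name,
            ]),
        ];
    }
}

namespace App\Http\Controllers\Api\V1;   // app/Http/Controllers/Api/V1/PostController.php

use App\Http\Controllers\Controller;
use App\Http\Resources\PostResource;
use App\Models\Post;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;

class PostController extends Controller
{
    public function index(): AnonymousResourceCollection
    {
        // with() before paginate(): one query for the page, one for its authors.
        $posts = Post::query()->with('author')->latest()->paginate(15);

        return PostResource::collection($posts);
    }
}
```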
---
## Reference Guide
### Core Concepts
| Topic | Reference | When to consult |
|-------|-----------|-----------------|
| **Routing** | [routing.md](references/routing.md) | Defining versioned API routes |
| **Controllers** | [controllers.md](references/controllers.md) | Controller patterns, resource methods |
| **Middleware** | [middleware.md](references/middleware.md) | Route protection, request filtering |
| **Validation** | [validation.md](references/validation.md) | Form Requests, validation rules |
### Request/Response
| Topic | Reference | When to consult |
|-------|-----------|-----------------|
| **Requests** | [requests.md](references/requests.md) | Accessing input, files, headers |
| **Responses** | [responses.md](references/responses.md) | API Resources, status codes |
| **Pagination** | [pagination.md](references/pagination.md) | Offset/cursor pagination |
### Advanced
| Topic | Reference | When to consult |
|-------|-----------|-----------------|
| **Rate Limiting** | [rate-limiting.md](references/rate-limiting.md) | Throttle configuration |
| **HTTP Client** | [http-client.md](references/http-client.md) | Consuming external APIs |
| **URLs** | [urls.md](references/urls.md) | URL generation, signed URLs |
| **Strings** | [strings.md](references/strings.md) | String helpers, UUIDs, slugs |
| **Redirects** | [redirects.md](references/redirects.md) | Redirect responses |
---
### Templates (Code Examples)
#### Controllers & Routes
| Template | Purpose |
|----------|---------|
| [ApiController.php.md](references/templates/ApiController.php.md) | Complete CRUD controller with service |
| [api-routes.md](references/templates/api-routes.md) | Versioned routes with middleware |
| [routing-examples.md](references/templates/routing-examples.md) | Detailed routing patterns |
#### Validation & Resources
| Template | Purpose |
|----------|---------|
| [FormRequest.php.md](references/templates/FormRequest.php.md) | Store/Update Form Requests |
| [validation-rules.md](references/templates/validation-rules.md) | All validation rules reference |
| [ApiResource.php.md](references/templates/ApiResource.php.md) | Resource with relationships |
#### External APIs
| Template | Purpose |
|----------|---------|
| [HttpClientService.php.md](references/templates/HttpClientService.php.md) | Reusable HTTP client service |
---
## Quick Reference
### Resource Response
```php
return PostResource::collection($posts);
return PostResource::make($post);
```
### Status Codes
```php
return PostResource::make($post)->response()->setStatusCode(201);
return response()->json(null, 204);
```
### Form Request
```php
public function store(StorePostRequest $request): JsonResponse
{
    $post = $this->service->create($request->validated());

    return PostResource::make($post)->response()->setStatusCode(201);
}
```
### Rate Limiting
```php
// 60 requests per minute for every route registered inside the group
Route::middleware('throttle:60,1')->group(function () { /* routes */ });
```
### Versioned Routes
```php
Route::prefix('v1')->group(function () {
    Route::apiResource('posts', PostController::class);
});
```
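
The rate-limiting, versioning and Sanctum pieces combined, as an added example that is not one of the skill's own templates: a named limiter keyed per user (falling back to client IP) and a `/v1` group that requires Sanctum authentication. The limiter name `api` and the `PostController` namespace are assumptions.

```php
<?php
// Two files shown in one listing; bracketed namespaces keep it valid PHP.

namespace App\Providers {   // app/Providers/AppServiceProvider.php
    use Illuminate\Cache\RateLimiting\Limit;
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\RateLimiter;
    use Illuminate\Support\ServiceProvider;

    class AppServiceProvider extends ServiceProvider
    {
        public function boot(): void
        {
            // Named limiter "api" (name is an assumption): 60 requests per
            // minute, keyed by user id when authenticated, otherwise by
            // client IP, so one client cannot use up another's allowance.
            RateLimiter::for('api', function (Request $request) {
                return Limit::perMinute(60)
                    ->by($request->user()?->id ?: $request->ip());
            });
        }
    }
}

namespace {   // routes/api.php
    use App\Http\Controllers\Api\V1\PostController;
    use Illuminate\Support\Facades\Route;

    // Every v1 route requires a valid Sanctum token or session and is
    // throttled by the named limiter defined in the provider above.
    Route::prefix('v1')
        ->middleware(['auth:sanctum', 'throttle:api'])
        ->group(function () {
            Route::apiResource('posts', PostController::class);
        });
}
```

Defining the limiter in the provider rather than in the routes file keeps it registered when routes are served from the route cache.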
### Pagination
```php
return PostResource::collection(Post::paginate(15));
```
---
## Feature Matrix
| Feature | Status | Reference |
|---------|--------|-----------|
| RESTful Controllers | ✅ | controllers.md |
| API Resources | ✅ | responses.md |
| Form Request Validation | ✅ | validation.md |
| Route Versioning | ✅ | routing.md |
| Route Model Binding | ✅ | routing.md |
| Middleware | ✅ | middleware.md |
| Rate Limiting | ✅ | rate-limiting.md |
| Pagination | ✅ | pagination.md |
| Cursor Pagination | ✅ | pagination.md |
| HTTP Client | ✅ | http-client.md |
| Signed URLs | ✅ | urls.md |
| JSON Responses | ✅ | responses.md |
This skill helps you build production-ready RESTful APIs with Laravel using API Resources, Sanctum authentication, rate limiting, and route versioning. It enforces consistent response formats, thin controllers backed by services, and validated inputs via Form Requests. The workflow includes automated agent steps to analyze code, verify docs, and validate the final implementation.
Before any implementation, spawn three agents with TeamCreate to analyze the codebase, verify Laravel API docs, and check API Resource and Sanctum patterns. Use API Resources to transform models into JSON responses, Form Requests for validation and authorization, and Sanctum for token/session authentication. Apply middleware for authentication, CORS, and per-route rate limiting, and organize routes with version prefixes like /v1/ or /v2/. After implementation, run the validation agent to scan and validate the changes.

**How should I structure controllers and services?**

Keep controllers thin: validate with Form Requests, call a service to perform business logic, and return API Resources from the controller.

**How do I handle versioning safely?**

Use route prefixes (e.g., /v1) and keep older versions intact while introducing v2 with breaking changes; maintain separate controllers or transformers if response shapes differ.