# Authentication

Lodata does not wrap the API in authentication by default to get the developer up and running fast, but it's easy to add.

The OData standard is light on recommendations (opens new window) for authentication, as theoretically any HTTP authentication type could be supported by the producer as long as the consumer understands it.

The only authentication type the OData standard does recommend is HTTP Basic (opens new window), and there's support in many consumers for this.

If you've exported the configuration you can add basic authentication to all Lodata endpoints by modifying config/lodata.php to include auth.basic in the array of middleware:

...
/*
 * An array of middleware to be included when processing an OData request. Common middleware used would be to handle JWT authentication, or adding CORS headers.
 */
'middleware' => ['auth.basic'],
...
1
2
3
4
5
6

Similarly, if you are writing a Single Page Application (opens new window) protected by Laravel Sanctum (opens new window) you can include (opens new window) the auth:sanctum middleware.