API integration with Laravel Sanctum and custom device header

[alexpettitiax]

Hi!

First, thanks for creating the laravel-devices package — it's really helpful!

I'm building a RESTful API using Laravel Sanctum and Laravel Fortify for authentication, and I was wondering if this package can be used in a stateless API context. Specifically, I’d like to handle device identification via a custom header (e.g., X-Device) that would pass device information in API requests.

My questions are:

Can the package work with Sanctum in a stateless API environment, and are any adjustments needed? Does the package work without session support, given that APIs are stateless? Do you have any recommendations for handling device identification through custom headers like X-Device? Thanks in advance for your guidance! It would be great to use this package in API scenarios.

[diego-ninja]

Hey there,

Thanks for getting in touch, the package is authentication agnostic so it should work with any kind of authentication guard, but I am afraid the header transport is incomplete. I will finish the header transport for device id tomorrow.

At Kimia we are using this package in API scenarios, we are using JWT tokens for authentication and cookie as device id transport and it works fine. Right now this package uses Laravel session as storage but I am working on removing this usage soon, so if you need or want to use it it's ok but you are not forced to use it just to get this package to work.

I will notify you when the header transport is finished.

[alexpettitiax]

Hi,

Thank you for the quick response!

It’s great to hear that the package is authentication agnostic and that you’re working on the header transport for the device ID.

I agree that using cookies could work, but in this case, I’d prefer to use the header for simplicity and ease of integration, especially since the mobile app team is handling the API requests. Using an X-Device header would make the process smoother for them.

I appreciate your efforts on this, and I’ll keep an eye out for when the header transport is ready.

Thanks again for your support!

[diego-ninja]

Hi,

I hope the header transport is ready. I just tested it briefly. If you find errors or malfunctions, please open a new issue.

Refer to config file and check new options.

    /*
    |--------------------------------------------------------------------------
    | Header name for device id
    |--------------------------------------------------------------------------
    | This option specifies the name of the header that will be used to store
    | the device uuid during the request.
    |
    */
    'device_id_header_name' => 'X-Device',

    /*
    |--------------------------------------------------------------------------
    | Transport for device id
    |--------------------------------------------------------------------------
    | This option specifies the transport method for the device id.
    |
    | Options: 'cookie', 'header'
    |
    */
    'device_id_transport' => 'cookie',

Regards, Diego

[alexpettitiax]

Hi Diego,

Thank you for the update and for implementing the header transport!

I’ve tested it, and I noticed that the device is not being stored when track_guest_sessions is set to true. Additionally, it would be really convenient if the device ID could be returned in the response, even when it’s a JsonResponse, either via the header or the cookie.

Let me know if this could be implemented or if there are any adjustments I should make on my end.

Thanks again for your support!

[diego-ninja]

Hi Alex,

I will check this whenever have a minute. I am pasting here for you my device.php configuration working on my Laravel Jetstream playground where I am developing and testing the package. Please check the options, and try to figure out why the device ID is not being propagated using header or cookie.

devices.php.zip

If you detect a bug or malfunction, please fork and pull request your fix and I will merge it in the next release.

Thanks, Diego.