Bridging the Gap: Integrating Nuxt.js with Laravel Sanctum

Laravel////3 min read

Overview

Connecting a frontend to a REST API creates a powerful, SEO-friendly architecture. By using session-based authentication rather than just tokens, you gain the native security benefits of CSRF protection and reduced XSS risks. This guide explores how to synchronize these environments to share cookies and fetch data seamlessly using a first-party frontend approach.

Prerequisites

To follow along, you need a working knowledge of and . You should have a API already configured and (version 2 is used here) installed. Basic familiarity with terminal commands and local development environments like will help you manage local subdomains.

Key Libraries & Tools

  • : A promise-based HTTP client for the browser and Node.js.
  • : A dedicated library to handle authentication strategies.
  • : Provides a featherweight authentication system for SPAs and simple APIs.
  • : A utility-first CSS framework for rapid UI development.

Environment Synchronization

For session-based auth to work, both apps must share a top-level domain. Use to link your API to api.ergodnc.test and proxy your Nuxt app to app.ergodnc.test. In your Laravel .env, set SESSION_DOMAIN to .ergodnc.test. This dot prefix is non-negotiable; it tells the browser the cookie belongs to all subdomains. Additionally, update cors.php by setting supports_credentials to true to allow the browser to pass cookies back and forth.

Code Walkthrough: Data Fetching and Auth

In your Nuxt pages, the fetch hook is your best friend. It allows you to populate data on the server side or during client-side navigation.

async fetch() {
  const response = await this.$axios.get('/offices');
  this.offices = response.data;
}

For authentication, configure the in nuxt.config.js using the cookie strategy. You must define four critical endpoints: login, logout, user, and the Sanctum client-side-csrf cookie. This ensures Nuxt initializes the CSRF token before attempting a login.

Syntax Notes

Nuxt’s fetchState is an elegant way to handle UI states. Use $fetchState.pending to show loaders and $fetchState.error to catch failures. When using the , the $auth helper becomes globally available, allowing you to check $auth.loggedIn or access user data via $auth.user directly in your templates.

Tips & Gotchas

Always verify that your stateful domains include your Nuxt URL. If you miss this, Laravel won't attach the session middleware, and your authentication will fail silently. If you get 401 errors after a session expires, use an Axios interceptor to catch the error and force a logout on the frontend to keep the UI in sync with the server.

Topic DensityMention share of the most discussed topics · 16 mentions across 10 distinct topics
19%· software
13%· software
13%· software
13%· software
13%· software
Other topics
31%
End of Article
Source video
Bridging the Gap: Integrating Nuxt.js with Laravel Sanctum

Using a Laravel REST API with a NuxtJs App

Watch

Laravel // 15:43

Laravel

Laravel

The official YouTube channel of Laravel, the clean stack for Artisans and agents. We will update you on what's new in the world of Laravel, from the framework to our products Cloud, Forge, and Nightwatch.

Read latest
Who and what they mention most
Laravel
30.2%13
PHP
20.9%9
Laravel Cloud
18.6%8
Taylor Otwell
16.3%7
Leah Thompson
14.0%6
3 min read0%
3 min read