Is Laravel Sanctum suitable to give API access to Third-party server?
We built an API (which currently contains just a single route) to give access to specific data to another company we are working with.
The API calls this other company performs to our endpoint are server-side.
The API has been created with Laravel 8.
To give more context to the question, our system gathers coordinates that are sent by our GPS devices, and we want to give access to the coordinates of a specific set of GPS devices to the other company.
The coordinates are stored in our database, and the API route is just doing a SELECT query which is only allowed to access the data of these specific devices.
Searching around the internet, I saw that Laravel Sanctum can help provide API tokens to consume an API. My question is, can we use Laravel Sanctum for the current workflow? Is it suitable?
The examples on the documentation demonstrate we can do something like this:
$user->createToken('token-name', ['server:update'])->plainTextToken;
But, in my case, there is no user for the other company. If Laravel Sanctum is ok for that, should I create a specific user representing this company? Or maybe another Model (and database table) just for companies? Even if we only have one in our case.
Solution 1:[1]
A token can be generated for any model that has the HasApiTokens trait.
Since you need it for authentication purposes, I think the easiest solution is to create a user that represents the company and generate a token for that user.
This way, if the user calls the API with a correct token, Sanctum will authenticate the user and you can get the user using Auth::user() in the API action method.
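The approach from the answer above, as an added example that is not part of the original question or answer: a service user for the partner company gets one token limited to a single ability, and the route scopes its query to that user's devices. The command name `partner:token`, the ability `coordinates:read`, the e-mail address and the `partner_devices` / `coordinates` tables are assumptions made for illustration.

```php
<?php
// Added example. Part 1 belongs in routes/console.php, part 2 in routes/api.php.
// Assumes App\Models\User uses the Laravel\Sanctum\HasApiTokens trait.

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Artisan;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Str;

// --- Part 1 (routes/console.php): run once with `php artisan partner:token` ---
Artisan::command('partner:token', function () {
    $partner = User::firstOrCreate(
        ['email' => 'api-client@partner.example'],       // constructed value
        [
            'name' => 'Partner company (API client)',
            // Random password: this account exists only to own the token.
            'password' => Hash::make(Str::random(64)),
        ]
    );

    // Grant one narrow ability instead of the default ['*'].
    $token = $partner->createToken('partner-server', ['coordinates:read']);

    // Sanctum stores only a hash of the token, so this is the single chance
    // to copy the plain-text value and hand it to the partner securely.
    $this->line($token->plainTextToken);
});

// --- Part 2 (routes/api.php): the partner sends "Authorization: Bearer <token>" ---
Route::middleware('auth:sanctum')->get('/coordinates', function (Request $request) {
    $client = $request->user();                          // the service user

    // Reject tokens that were not issued with the read ability.
    abort_unless($client->tokenCan('coordinates:read'), 403);

    // Hypothetical schema: partner_devices(user_id, device_id) lists the
    // devices this client may read; coordinates holds the GPS fixes.
    return DB::table('coordinates')
        ->join('partner_devices', 'partner_devices.device_id', '=', 'coordinates.device_id')
        ->where('partner_devices.user_id', $client->id)
        ->select('coordinates.device_id', 'coordinates.lat', 'coordinates.lng', 'coordinates.recorded_at')
        ->get();
});
```

Deleting the row from `personal_access_tokens` (for example with `$partner->tokens()->delete()`) revokes the partner's access without touching the rest of the application.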
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Usama |