Laravel What is a guard?
Stefan Izdrail
Founder & Senior Architect · 2026-06-29
Title: Understanding Guards in Laravel Authentication
Body:
In this post, we'll discuss guards, which are an essential component of Laravel's authentication system. By the end, you should have a clear understanding of what guards do and how they contribute to your application's security and functionality.
What is a Guard?
A guard in Laravel is a concept that enables developers to define rules and conditions for user authentication. It works by separating the logic of authenticating users from the actual process of doing so, allowing you to easily manage multiple types of users and their respective permissions. Guards can help enforce your application's access control policies and ensure only authorized users have access to specific areas or features within the system.Default Guards in Laravel
By default, Laravel provides two built-in guards: "web" and "api". The web guard is used for authenticating users who interact with your application through a standard HTTP request (e.g., browsing the site or submitting forms). On the other hand, the api guard handles authentication when your API endpoints are accessed via an external client or framework.Creating Custom Guards
If you want to add more specific rules or conditions for authenticating additional types of users (e.g., administrators, partners, etc.), you can create custom guards that follow the same pattern as the default ones. To do so, simply create a new guard class inside your project's app/Providers/AuthServiceProvider.php file. Add the following code:$this->registerPolicies(new \App\Policies\MyCustomGuardPolicy);
Here, we've created a new policy class (App\Policies\MyCustomGuardPolicy) and registered it with the AuthServiceProvider. You can then set rules and conditions for your custom guard within this policy class.
Using Guards in Your Code
To make use of guards, you'll need to call the appropriate guard when authenticating a user via Auth::attempt(). For example:$credentials = [
'email' => $request->input('email'),
'password' => $request->input('password')
];
if (Auth::guard('admin')->attempt($credentials)) {
// Successful login, redirect to admin dashboard or perform other actions.
} else {
// Failed login attempt, handle the error as needed.
}
In this example, we're using the 'admin' guard to authenticate users with a specific role (e.g., administrators). This ensures that only users with admin permissions can access certain areas within your application.