Laravel What is a guard?

Stefan Izdrail

Founder & Senior Architect · 2026-06-29

Laravel Company
Title: Understanding Guards in Laravel Authentication Body:

In this post, we'll discuss guards, which are an essential component of Laravel's authentication system. By the end, you should have a clear understanding of what guards do and how they contribute to your application's security and functionality.

What is a Guard?

A guard in Laravel is a concept that enables developers to define rules and conditions for user authentication. It works by separating the logic of authenticating users from the actual process of doing so, allowing you to easily manage multiple types of users and their respective permissions. Guards can help enforce your application's access control policies and ensure only authorized users have access to specific areas or features within the system.

Default Guards in Laravel

By default, Laravel provides two built-in guards: "web" and "api". The web guard is used for authenticating users who interact with your application through a standard HTTP request (e.g., browsing the site or submitting forms). On the other hand, the api guard handles authentication when your API endpoints are accessed via an external client or framework.

Creating Custom Guards

If you want to add more specific rules or conditions for authenticating additional types of users (e.g., administrators, partners, etc.), you can create custom guards that follow the same pattern as the default ones. To do so, simply create a new guard class inside your project's app/Providers/AuthServiceProvider.php file. Add the following code:
$this->registerPolicies(new \App\Policies\MyCustomGuardPolicy);
Here, we've created a new policy class (App\Policies\MyCustomGuardPolicy) and registered it with the AuthServiceProvider. You can then set rules and conditions for your custom guard within this policy class.

Using Guards in Your Code

To make use of guards, you'll need to call the appropriate guard when authenticating a user via Auth::attempt(). For example:
$credentials = [
    'email' => $request->input('email'),
    'password' => $request->input('password')
];

if (Auth::guard('admin')->attempt($credentials)) {
    // Successful login, redirect to admin dashboard or perform other actions.
} else {
    // Failed login attempt, handle the error as needed.
}
In this example, we're using the 'admin' guard to authenticate users with a specific role (e.g., administrators). This ensures that only users with admin permissions can access certain areas within your application.

Conclusion

Understanding guards in Laravel is crucial for managing user authentication and ensuring the security of your application. By leveraging built-in or creating custom guards, you'll be able to restrict access to specific areas or features while providing a seamless experience for users with different roles. Remember that using appropriate guards not only enhances security but also simplifies the development process by separating authentication logic from actual implementation.