We need to add a token security system to a API Laravel project already created.
Particularly, this project uses a users table in SQL Server that can not be changet to any other database because it’s mandatory. In this table we have username, email, password and user_token field.
API must provide a login url for receive username, email and password to validate (received via POST) and to generate ans store user_token in the database. Then give in return the api_token to the initial browser for to be used in all remaining petitions.
Mandatory use of token for the API must be configured in all the 18 API petitions that are already created in the Laravel Project (all except the login one that must allow anonymous access).
There must be a date control of token is valid and alive
It must be controlled if the user already has a token, if the token is valid, then when asking for token no new one is generated and the answer is to pass the existing one. This is for multiple devices auth. with same user.
A complete documentation on procedures and structure of code must be provided with the delivering of the project.