Start your next API in minutes, not weeks.
A robust Laravel 12 starter pre-wired with authentication, RBAC, file uploads, auditing and Docker — every feature toggled from a single config file. A self-hosted, scalable alternative to BaaS.
composer create-project laravel-api-boilerplatecomposer run devWhy another boilerplate?
BaaS platforms get you a prototype fast — until you outgrow their limits or hit vendor lock-in.
With AI accelerating development, the edge of BaaS is shrinking. Laravel gives you clean, maintainable syntax, native scalability and full ownership of your stack. This boilerplate lets any Laravel-familiar developer start a new API project with best practices already in place — so you focus on features, not plumbing. It's a starting point, not a framework: every controller, mailable and default is meant to be edited.
Everything wired up
Production concerns solved once, documented per module, and configurable without touching code.
Dual Authentication
Sanctum token auth for native apps and cookie/session auth for SPAs — same controllers, one config. Password, OTP and OAuth out of the box.
Passwordless OTP
Email one-time passwords with swappable database or cache (Redis) drivers. New users auto-created and email auto-verified on first verify.
Social / OAuth
Google, GitHub, Facebook and Twitter via Socialite, plus account linking and email auto-link. Add a provider with a config + env change.
Roles & Permissions
Laratrust RBAC seeded from config, default role auto-assigned on register, and role/permission middleware wired into the JSON error envelope.
Standard API Envelope
A base controller with response helpers plus a global exception → JSON renderer, so thrown errors and intentional responses share one schema.
Configurable Security
Per-endpoint named rate limits, a Password::defaults() policy chain, and an optional email-verification login gate — all toggled from config.
File Uploads with TTL
Two-phase upload + claim/release with scheduled cleanup of unclaimed files. Works unchanged on the local disk or S3.
Append-only Audit Log
An audit_log() helper and Auditable trait that capture who did what, with redaction of sensitive keys and a daily retention prune.
Dockerised Stack
Multi-stage image with Caddy, PHP-FPM, queue and scheduler workers, Postgres and Redis. One image, dev and prod compose files.
Auto API Docs
Scribe generates browsable API documentation straight from your PHPDoc annotations and route definitions.
Type-safe DTOs
Spatie Laravel Data for structured, type-safe data transfer between layers instead of loose arrays.
AI-ready
Laravel Boost MCP server plus shared agent rules for Claude, Cursor, Gemini and Copilot committed in the repo.
Up and running in four steps
Clone, install, configure, migrate. Then read the per-module docs and start building your domain.
Installation guidegit clone <repo> && cd laravel-api-boilerplatecomposer install && npm installcp .env.example .env && php artisan key:generatephp artisan migrate --seed && composer run devBuilt on a proven stack
Ready to build your API?
Read the docs and ship today.