What are signed routes in Laravel?

Answer

Signed routes generate URLs with a cryptographic signature that verifies the URL has not been tampered with. Create a signed URL: URL::signedRoute("unsubscribe", ["user" => $user->id]). Temporary signed URL (expires): URL::temporarySignedRoute("password.reset", now()->addHours(2), ["token" => $token]). Validate in a controller: use the signed middleware: Route::get("/unsubscribe/{user}", [UnsubscribeController::class, "unsubscribe"])->name("unsubscribe")->middleware("signed") — if the signature is invalid or expired, a 403 response is returned. Use cases: email unsubscribe links, password reset links, email verification links, one-time action URLs in notifications. Signed routes prevent parameter tampering (e.g., changing the user ID in an unsubscribe link to unsubscribe someone else).