What are signed routes in Laravel?
Why Interviewers Ask This
Interviewers ask this to evaluate whether you have the depth of knowledge needed to mentor others and lead technical decisions. The expected answer goes beyond definitions into practical implications and real-world consequences.
Answer
Signed routes generate URLs with a cryptographic signature that verifies the URL has not been tampered with. Create a signed URL: URL::signedRoute("unsubscribe", ["user" => $user->id]). Temporary signed URL (expires): URL::temporarySignedRoute("password.reset", now()->addHours(2), ["token" => $token]). Validate in a controller: use the signed middleware: Route::get("/unsubscribe/{user}", [UnsubscribeController::class, "unsubscribe"])->name("unsubscribe")->middleware("signed") — if the signature is invalid or expired, a 403 response is returned. Use cases: email unsubscribe links, password reset links, email verification links, one-time action URLs in notifications. Signed routes prevent parameter tampering (e.g., changing the user ID in an unsubscribe link to unsubscribe someone else).
Common Mistake
Candidates often give textbook answers here. Interviewers are more impressed when you relate the concept to a specific problem you solved in a real Laravel project.