What is Laravel Sanctum?
Why Interviewers Ask This
Mid-level Laravel roles require deep understanding of this topic. Interviewers ask this to separate candidates who truly understand the mechanics from those who only know surface-level concepts.
Answer
Laravel Sanctum is a lightweight authentication system for SPAs (Single Page Applications), mobile applications, and simple token-based APIs. Install it with: composer require laravel/sanctum.

It provides two authentication mechanisms:

1. API tokens: issue long-lived tokens with specific abilities, e.g. $user->createToken("mobile-app", ["read"])->plainTextToken.
2. SPA authentication: cookie-based session authentication for same-domain SPAs, combining CSRF protection with session auth.

Check a token's ability with $request->user()->tokenCan("read"). Revoke a user's tokens with $user->tokens()->delete().

Compared to Passport (OAuth2), Sanctum is simpler and covers 90% of use cases. It is the default authentication for the Laravel starter kits.
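The token flow above as an added example (not code from the original page or from the Sanctum project): a routes/api.php that issues a least-privilege token, enforces its abilities, and revokes it. It assumes a default Laravel app with Sanctum installed, the User model using the HasApiTokens trait, and a hypothetical User::orders() relationship.

```php
<?php
// routes/api.php (added example; assumes Sanctum installed and
// App\Models\User using the HasApiTokens trait).
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;
use Illuminate\Validation\ValidationException;

// Issue a token for a mobile client. Abilities are granted per token, so a
// read-only client never receives write rights (least privilege).
Route::post('/tokens', function (Request $request) {
    $data = $request->validate([
        'email'       => ['required', 'email'],
        'password'    => ['required'],
        'device_name' => ['required', 'string', 'max:100'],
    ]);
    $user = User::where('email', $data['email'])->first();
    // Same error for unknown email and wrong password: no account enumeration.
    if (! $user || ! Hash::check($data['password'], $user->password)) {
        throw ValidationException::withMessages([
            'email' => ['The provided credentials are incorrect.'],
        ]);
    }
    // plainTextToken is the only time the secret is visible; Sanctum stores
    // only a SHA-256 hash of it in the personal_access_tokens table.
    $token = $user->createToken($data['device_name'], ['orders:read']);
    return ['token' => $token->plainTextToken];
});

Route::middleware('auth:sanctum')->group(function () {
    // tokenCan() is the per-request ability check. A token issued above has
    // 'orders:read' but not 'orders:write', so a write attempt gets 403.
    // Caveat: for cookie-authenticated SPA users tokenCan() always returns true.
    Route::get('/orders', function (Request $request) {
        abort_unless($request->user()->tokenCan('orders:read'), 403);
        return $request->user()->orders; // hypothetical relationship
    });
    Route::post('/orders', function (Request $request) {
        abort_unless($request->user()->tokenCan('orders:write'), 403);
        return response()->json(['status' => 'created'], 201);
    });
    // Log out this device only: revoke the token that authenticated the request.
    Route::delete('/tokens/current', function (Request $request) {
        $request->user()->currentAccessToken()->delete();
        return response()->noContent();
    });
    // Revoke every token, e.g. after a password change or a suspected leak.
    Route::delete('/tokens', function (Request $request) {
        $request->user()->tokens()->delete();
        return response()->noContent();
    });
});
```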
Pro Tip
This topic has Laravel-specific nuances that differ from general programming. Highlighting those nuances in your answer shows expertise rather than generic knowledge.