> ## Documentation Index > Fetch the complete documentation index at: https://docs-dev-docs-event-stream-action-templates.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. > This guide demonstrates how to integrate Auth0, add token-based authorization, and protect application routes using the Auth0 PHP SDK. # Add Authorization to Your PHP Application export const AuthCodeGroup = ({children, dropdown}) => { const [processedChildren, setProcessedChildren] = useState(children); useEffect(() => { let unsubscribe = null; function init() { unsubscribe = window.autorun(() => { const processChildren = node => { if (typeof node === "string") { let processedNode = node; for (const [key, value] of window.rootStore.variableStore.values.entries()) { const escapedKey = key.replaceAll(/[.*+?^${}()|[\]\\]/g, (String.raw)`\$&`); processedNode = processedNode.replaceAll(new RegExp(escapedKey, "g"), value); } return processedNode; } else if (Array.isArray(node)) { return node.map(processChildren); } else if (node && node.props && node.props.children) { return { ...node, props: { ...node.props, children: processChildren(node.props.children) } }; } return node; }; setProcessedChildren(processChildren(children)); }); } if (window.rootStore) { init(); } else { window.addEventListener("adu:storeReady", init); } return () => { window.removeEventListener("adu:storeReady", init); unsubscribe?.(); }; }, [children]); return {processedChildren}; }; export const QuickstartButtons = ({githubLink, lang = "en"}) => { const translations = { en: { viewOnGithub: "View On GitHub", loginAndDownload: "Download Sample" }, "fr-ca": { viewOnGithub: "Afficher sur GitHub", loginAndDownload: "Télécharger un exemple" }, "ja-jp": { viewOnGithub: "Githubで表示", loginAndDownload: "サンプルをダウンロード" } }; const text = translations[lang] || translations.en; const parseGithubUrl = url => { try { const urlObj = new URL(url); const pathParts = urlObj.pathname.split("/").filter(Boolean); if (pathParts.length >= 4 && pathParts[2] === "tree") { const repoName = pathParts[1]; const branch = pathParts[3]; const path = pathParts.slice(4).join("/") || undefined; return { repo: repoName, branch, path }; } console.warn("Could not parse GitHub URL:", url); return null; } catch (error) { console.error("Error parsing GitHub URL:", error); return null; } }; const handleDownload = async () => { const params = parseGithubUrl(githubLink); if (!params) { console.error("Invalid GitHub URL format"); return; } try { await window.Auth0DocsUI?.getSample(params); } catch (error) { console.error("Failed to download sample:", error); } }; return
{text.viewOnGithub}
; }; export const LoggedInForm = ({sampleApp}) => { const LS_APPS_KEY = "auth_demo_apps"; const LS_APP_CFG_KEY = "auth_demo_app_cfg"; const CHANNEL = "auth_flows_sync_v1"; const mkChannel = () => new BroadcastChannel(CHANNEL); function uid() { return Math.random().toString(36).slice(2) + Date.now().toString(36); } function loadApps() { const raw = localStorage.getItem(LS_APPS_KEY); if (raw) return JSON.parse(raw); const seeded = [{ id: "{yourClientId}", name: "Default App" }]; localStorage.setItem(LS_APPS_KEY, JSON.stringify(seeded)); return seeded; } function saveApps(apps) { localStorage.setItem(LS_APPS_KEY, JSON.stringify(apps)); } function loadCfg() { const raw = localStorage.getItem(LS_APP_CFG_KEY); return raw ? JSON.parse(raw) : {}; } function saveCfg(cfg) { localStorage.setItem(LS_APP_CFG_KEY, JSON.stringify(cfg)); } const RightChevron = ({className = "w-5 h-5", ...props}) => ; const LightningIcon = () => ; const LayersIcon = () => ; const GithubIcon = () => ; function IconTile({children}) { return
{children}
; } function Card({className = "", children}) { return
{children}
; } function Button({variant = "primary", type = "button", onClick, children}) { const base = "inline-flex items-center justify-center gap-2 h-10 px-4 rounded-xl font-medium transition"; let styles = ""; if (variant === "primary") { styles = "mint-bg-indigo-600 text-white hover:mint-bg-indigo-700"; } else if (variant === "outline") { styles = "border border-zinc-300 dark:border-zinc-700 mint-bg-transparent hover:mint-bg-zinc-50 dark:hover:mint-bg-zinc-800"; } else if (variant === "ghost") { styles = "hover:mint-bg-zinc-100 dark:hover:mint-bg-zinc-800"; } return ; } function Input({id, label, value, onChange, placeholder, name}) { return ; } function Select({label, value, onChange, options}) { return ; } function Toast({open, onClose, children}) { useEffect(() => { if (!open) return; const t = setTimeout(onClose, 2200); return () => clearTimeout(t); }, [open, onClose]); return
{children}
; } function Flows() { const [route, setRoute] = useState("menu"); const [apps, setApps] = useState(loadApps()); const [cfg, setCfg] = useState(loadCfg()); const [selected, setSelected] = useState(apps[0]?.id || ""); const [toast, setToast] = useState(false); const [bc] = useState(() => mkChannel()); useEffect(() => { if (!apps.find(a => a.id === selected)) { setSelected(apps[0]?.id || ""); } }, [apps, selected]); useEffect(() => { const onMsg = e => { const {type, payload} = e.data || ({}); switch (type) { case "NAV": setRoute(payload.route); break; case "SELECT": setSelected(payload.appId); break; case "APPS_UPDATED": setApps(loadApps()); break; case "CFG_UPDATED": setCfg(loadCfg()); setToast(true); break; default: break; } }; bc.addEventListener("message", onMsg); return () => bc.removeEventListener("message", onMsg); }, [bc]); const nav = nextRoute => { setRoute(nextRoute); bc.postMessage({ type: "NAV", payload: { route: nextRoute } }); }; const selectApp = appId => { setSelected(appId); bc.postMessage({ type: "SELECT", payload: { appId } }); }; const onCreate = name => { const id = uid(); const next = [...apps, { id, name: name || "Untitled" }]; setApps(next); saveApps(next); bc.postMessage({ type: "APPS_UPDATED" }); selectApp(id); nav("integrate"); }; const onSaveCfg = (appId, data) => { const next = { ...cfg, [appId]: data }; setCfg(next); saveCfg(next); setToast(true); bc.postMessage({ type: "CFG_UPDATED" }); }; return
{route === "menu" && nav("create")} onIntegrate={() => nav("integrate")} />} {route === "create" && nav("menu")} onSave={onCreate} />} {route === "integrate" && onSaveCfg(selected, data)} onCancel={() => nav("menu")} />} setToast(false)}> Successfully saved your changes.
; } function Menu({onCreate, onIntegrate}) { return ; } function CreateForm({onSave, onCancel}) { const [name, setName] = useState(""); return

You can change this later in the application settings.

; } function IntegrateForm({apps, selected, onSelect, saved, onSave, onCancel}) { const [callbacks, setCallbacks] = useState(saved?.callbacks ?? ""); const [logouts, setLogouts] = useState(saved?.logouts ?? ""); const [origins, setOrigins] = useState(saved?.origins ?? ""); useEffect(() => { setCallbacks(loadCfg()[selected]?.callbacks ?? ""); setLogouts(loadCfg()[selected]?.logouts ?? ""); setOrigins(loadCfg()[selected]?.origins ?? ""); }, [selected]); return
Select your Application
; } return
; }; export const SignUpForm = () => { const [isAuthenticated, setIsAuthenticated] = useState(false); const [storeReady, setStoreReady] = useState(false); useEffect(() => { let unsubscribe = null; function init() { setStoreReady(true); unsubscribe = window.autorun(() => { const authenticated = window.rootStore?.sessionStore?.isAuthenticated || false; setIsAuthenticated(authenticated); }); } if (window.rootStore) { init(); } else { window.addEventListener("adu:storeReady", init); } return () => { window.removeEventListener("adu:storeReady", init); unsubscribe?.(); }; }, []); function LoggedInForm({sampleApp}) { const LS_APPS_KEY = "auth_demo_apps"; const LS_APP_CFG_KEY = "auth_demo_app_cfg"; const CHANNEL = "auth_flows_sync_v1"; const mkChannel = () => new BroadcastChannel(CHANNEL); function uid() { return Math.random().toString(36).slice(2) + Date.now().toString(36); } function loadApps() { const raw = localStorage.getItem(LS_APPS_KEY); if (raw) return JSON.parse(raw); const seeded = [{ id: "{yourClientId}", name: "Default App" }]; localStorage.setItem(LS_APPS_KEY, JSON.stringify(seeded)); return seeded; } function saveApps(apps) { localStorage.setItem(LS_APPS_KEY, JSON.stringify(apps)); } function loadCfg() { const raw = localStorage.getItem(LS_APP_CFG_KEY); return raw ? JSON.parse(raw) : {}; } function saveCfg(cfg) { localStorage.setItem(LS_APP_CFG_KEY, JSON.stringify(cfg)); } const RightChevron = ({className = "w-5 h-5", ...props}) => ; const LightningIcon = () => ; const LayersIcon = () => ; const GithubIcon = () => ; function IconTile({children}) { return
{children}
; } function Card({className = "", children}) { return
{children}
; } function Button({variant = "primary", type = "button", onClick, children}) { const base = "inline-flex items-center justify-center gap-2 h-10 px-4 rounded-xl font-medium transition"; let styles = ""; if (variant === "primary") { styles = "mint-bg-indigo-600 text-white hover:mint-bg-indigo-700"; } else if (variant === "outline") { styles = "border border-zinc-300 dark:border-zinc-700 mint-bg-transparent hover:mint-bg-zinc-50 dark:hover:mint-bg-zinc-800"; } else if (variant === "ghost") { styles = "hover:mint-bg-zinc-100 dark:hover:mint-bg-zinc-800"; } return ; } function Input({id, label, value, onChange, placeholder, name}) { return ; } function Select({label, value, onChange, options}) { return ; } function Toast({open, onClose, children}) { useEffect(() => { if (!open) return; const t = setTimeout(onClose, 2200); return () => clearTimeout(t); }, [open, onClose]); return
{children}
; } function Flows() { const [route, setRoute] = useState("menu"); const [apps, setApps] = useState(loadApps()); const [cfg, setCfg] = useState(loadCfg()); const [selected, setSelected] = useState(apps[0]?.id || ""); const [toast, setToast] = useState(false); const [bc] = useState(() => mkChannel()); useEffect(() => { if (!apps.find(a => a.id === selected)) { setSelected(apps[0]?.id || ""); } }, [apps, selected]); useEffect(() => { const onMsg = e => { const {type, payload} = e.data || ({}); switch (type) { case "NAV": setRoute(payload.route); break; case "SELECT": setSelected(payload.appId); break; case "APPS_UPDATED": setApps(loadApps()); break; case "CFG_UPDATED": setCfg(loadCfg()); setToast(true); break; default: break; } }; bc.addEventListener("message", onMsg); return () => bc.removeEventListener("message", onMsg); }, [bc]); const nav = nextRoute => { setRoute(nextRoute); bc.postMessage({ type: "NAV", payload: { route: nextRoute } }); }; const selectApp = appId => { setSelected(appId); bc.postMessage({ type: "SELECT", payload: { appId } }); }; const onCreate = name => { const id = uid(); const next = [...apps, { id, name: name || "Untitled" }]; setApps(next); saveApps(next); bc.postMessage({ type: "APPS_UPDATED" }); selectApp(id); nav("integrate"); }; const onSaveCfg = (appId, data) => { const next = { ...cfg, [appId]: data }; setCfg(next); saveCfg(next); setToast(true); bc.postMessage({ type: "CFG_UPDATED" }); }; return
{route === "menu" && nav("create")} onIntegrate={() => nav("integrate")} />} {route === "create" && nav("menu")} onSave={onCreate} />} {route === "integrate" && onSaveCfg(selected, data)} onCancel={() => nav("menu")} />} setToast(false)}> Successfully saved your changes.
; } function Menu({onCreate, onIntegrate}) { return ; } function CreateForm({onSave, onCancel}) { const [name, setName] = useState(""); return

You can change this later in the application settings.

; } function IntegrateForm({apps, selected, onSelect, saved, onSave, onCancel}) { const [callbacks, setCallbacks] = useState(saved?.callbacks ?? ""); const [logouts, setLogouts] = useState(saved?.logouts ?? ""); const [origins, setOrigins] = useState(saved?.origins ?? ""); useEffect(() => { setCallbacks(loadCfg()[selected]?.callbacks ?? ""); setLogouts(loadCfg()[selected]?.logouts ?? ""); setOrigins(loadCfg()[selected]?.origins ?? ""); }, [selected]); return
Select your Application
; } return
; } ; function SignUpFormInternal() { return
Sign up for an Auth0 account Sign up for an{" "} Auth0 account {" "} or{" "} console.log("log in")}> log in {" "} to your existing account to integrate directly with your own tenant.
; } ; return <>; }; export const SideMenuSectionItem = ({id, children}) => { return
{children}
; }; export const SideMenu = ({sections, children}) => { const [visibleSection, setVisibleSection] = useState(sections[0]?.id ?? null); const checkVisibility = () => { let currentVisible = null; const viewportHeight = window.innerHeight; const scrollY = window.scrollY; sections.forEach(({id}) => { const section = document.getElementById(id); if (section) { const rect = section.getBoundingClientRect(); const sectionTop = rect.top + scrollY; const sectionBottom = sectionTop + rect.height; const multiplier = viewportHeight > 1600 ? 0.34 : 0.22; if (scrollY + viewportHeight * multiplier >= sectionTop && scrollY <= sectionBottom) { currentVisible = id; } } }); if (currentVisible && currentVisible !== visibleSection) { setVisibleSection(currentVisible); } }; useEffect(() => { const throttledCheck = () => { setTimeout(checkVisibility, 100); }; checkVisibility(); window.addEventListener("scroll", throttledCheck); return () => { window.removeEventListener("scroll", throttledCheck); }; }, [sections, visibleSection]); useEffect(() => { sections.forEach(({id}) => { const section = document.getElementById(id); const sideMenuItem = document.getElementById(`side-menu-item-${id}`); if (section) { if (id === visibleSection) { section.classList.add("active-section"); } else { section.classList.remove("active-section"); } } if (sideMenuItem) { if (id === visibleSection) { sideMenuItem.classList.add("active-side-menu-item"); } else { sideMenuItem.classList.remove("active-side-menu-item"); } } }); }, [visibleSection, sections]); return
{children.map(child => { if (child.props.id === visibleSection) { return child; } return null; })}
; }; export const Section = ({id, title, stepNumber, children, isSingleColumn = false}) => { return
{} {children}
; }; export const Content = ({title, children}) => { return
{title &&

{title}

} {children}
; }; export const Recipe = ({children, isSingleColumn = false}) => { return
{children}
; }; export const sections = [{ id: "configure-auth0", title: "Configure Auth0" }, { id: "install-the-auth0-php-sdk", title: "Install the Auth0 PHP SDK" }, { id: "listen-for-the-bearer-tokens", title: "Listen for the bearer tokens" }, { id: "create-and-configure-routes", title: "Create and configure routes" }, { id: "configure-endpoint-authorization", title: "Configure endpoint authorization" }, { id: "authorize-with-scopes", title: "Authorize with scopes" }]; Auth0 allows you to add token-based endpoint authorization to almost any application type quickly. This guide demonstrates how to integrate Auth0, add token-based authorization, and protect application routes using the Auth0 PHP SDK. To use this quickstart, you’ll need to:
To use Auth0 services, you need to have an application registered in the Auth0 Dashboard. The Auth0 application is where you configure how you want authentication to work for your project. ### Configure an application Use the interactive selector to create a new Auth0 application or select an existing application that represents the project you want to integrate. Every application in Auth0 is assigned an alphanumeric, unique client ID that your application code uses to call Auth0 APIs through the SDK. Any settings you configure using this quickstart automatically updates for your application in the [Dashboard](https://manage.auth0.com/#/), which is where you can manage your applications in the future. If you would rather explore a complete configuration, you can view a sample application instead. ### Configure an API Similarly, you need to create a new Auth0 API or use an existing API that represents the project you're integrating from the [Dashboard](https://manage.auth0.com/#/). Choose a unique identifier for the API and make a note of it. You need that identifier to configure your application below.
Auth0 provides a [PHP SDK](https://github.com/auth0/auth0-PHP) (Auth0-PHP) to simplify the process of implementing Auth0 authentication and authorization in PHP apps. The Auth0 PHP SDK requires [PSR-17](https://www.php-fig.org/psr/psr-17/) and [PSR-18](https://www.php-fig.org/psr/psr-18/) installed, compatible HTTP libraries for managing network requests. If you don't have libraries available, you can install reliable choices by running the following commands in your terminal: ```bash lines theme={null} cd composer require symfony/http-client nyholm/psr7 ``` Now, install the Auth0 PHP SDK by running the following command in your terminal: ```bash lines theme={null} composer require auth0/auth0-php ``` ### Configure the Auth0 SDK For the SDK to function properly, you must set the following properties in the Auth0 SDK during initialization: * `strategy`: The strategy helps guide the behavior of the SDK for the use case of your app. In this case, you want to set this to the constant `Auth0\SDK\Configuration\SdkConfiguration::STRATEGY_API` * domain: The domain of your Auth0 tenant. Generally, you find this in the Auth0 Dashboard under Application's Settings in the Domain field. If you are using a custom domain, set this to the value of your custom domain instead. * clientId: The ID of the Auth0 Application you set up earlier in this quickstart. You can find this in the Auth0 Dashboard under your Application's Settings in the Client ID field. * clientSecret: The secret of the Auth0 application you created earlier in this quickstart. Client secret is in the Auth0 Dashboard under your Application's Settings in the Client Secret field. * audience: The identifier of the Auth0 API you registered above. This must be provided as an array. ##### Checkpoint Your Auth0 SDK is now properly configured. Run your application to verify that: * The SDK is initializing correctly. * Your application is not throwing any errors related to Auth0.
Next, expand your application to retrieve and process bearer tokens. Bearer tokens are access tokens provided to your API with requests from clients on a users' behalf. Access tokens approve or deny access to routes in your application. This is referred to as endpoint authorization. The easiest way to retrieve access tokens from a request is using the PHP SDK's `getBearerToken()` method. This method fetches tokens from GET parameters, POST bodies, request headers, and other sources. In this case, the PHP SDK processes tokens passed from GET requests in the `token` parameter or from the HTTP `Authorization` header.
Now, install a routing library to help direct incoming requests to your application. This isn't a required step, but simplifies the application structure for the purposes of this quickstart. ```bash lines theme={null} composer require steampixel/simple-php-router ``` Create a new file in your application called `router.php` to define the routes. Copy in the code from the interactive panel to the right under the **router.php** tab.
Now that you have configured your Auth0 application, the Auth0 PHP SDK, and you application retrieves bearer tokens from requests, the next step is to set up endpoint authorization for your project. The `getBearerToken()` method you implemented above returns a `Token` class that includes details on the request's access. Since the `getBearerToken()` method automatically validates and verifies the incoming request, your application determines the details of the access token by evaluating the method's response. When the response is null, no valid token has been provided. Otherwise, inspect the contents of the response to learn more about the request. In the interactive panel to the right, you can see a check if the response is null or not to filter access to your `/api/private` route.
In some cases, you may want to filter access to a specific route based on the requested scopes in an access token. As shown in the interactive panel on the right, evaluate the contents of the 'scope' property from the `getBearerToken()` method's response to check the scopes granted by the access token.
## Next Steps Excellent work! If you made it this far, you should now have login, logout, and user profile information running in your application. This concludes our quickstart tutorial, but there is so much more to explore. To learn more about what you can do with Auth0, check out: * [Auth0 Dashboard](https://manage.auth0.com/dashboard/us/dev-gja8kxz4ndtex3rq) - Learn how to configure and manage your Auth0 tenant and applications * [Auth0-PHP SDK](https://github.com/auth0/auth0-php) - Explore the SDK used in this tutorial more fully * [Auth0 Marketplace](https://marketplace.auth0.com/) - Discover integrations you can enable to extend Auth0’s functionality ```php index.php lines highlight={} theme={null} getBearerToken( get: ['token'], server: ['Authorization'] ); require('router.php'); ``` ```php router.php lines highlight={} theme={null} 'Hello from a public endpoint! You don\'t need to be authenticated to see this.', 'token' => $token ]); }); Route::add('/api/private', function() use ($token) { if ($token === null) { http_response_code(401); exit; } routeResponse([ 'message' => 'Hello from a private endpoint! You need to be authenticated to see this.', 'token' => $token, ]); }); Route::add('/api/private-scoped', function() use ($token) { if ($token === null) { http_response_code(401); exit; } if (! in_array('read:messages', $token['scopes'], true)) { http_response_code(401); exit; } routeResponse([ 'message' => 'Hello from a private endpoint! You need to be authenticated and have a scope of read:messages to see this.', 'token' => $token, ]); }); // The following route is just to avoid confusion. // We're not using an 'index route' in this app, so redirect requests to /api/public. Route::add('/', function() { header('Location: /api/public'); }); Route::run(); ``` ```php index.php lines highlight={20-23} theme={null} getBearerToken( get: ['token'], server: ['Authorization'] ); require('router.php'); ``` ```php router.php lines highlight={} theme={null} 'Hello from a public endpoint! You don\'t need to be authenticated to see this.', 'token' => $token ]); }); Route::add('/api/private', function() use ($token) { if ($token === null) { http_response_code(401); exit; } routeResponse([ 'message' => 'Hello from a private endpoint! You need to be authenticated to see this.', 'token' => $token, ]); }); Route::add('/api/private-scoped', function() use ($token) { if ($token === null) { http_response_code(401); exit; } if (! in_array('read:messages', $token['scopes'], true)) { http_response_code(401); exit; } routeResponse([ 'message' => 'Hello from a private endpoint! You need to be authenticated and have a scope of read:messages to see this.', 'token' => $token, ]); }); // The following route is just to avoid confusion. // We're not using an 'index route' in this app, so redirect requests to /api/public. Route::add('/', function() { header('Location: /api/public'); }); Route::run(); ``` ```php router.php lines highlight={} theme={null} 'Hello from a public endpoint! You don\'t need to be authenticated to see this.', 'token' => $token ]); }); Route::add('/api/private', function() use ($token) { if ($token === null) { http_response_code(401); exit; } routeResponse([ 'message' => 'Hello from a private endpoint! You need to be authenticated to see this.', 'token' => $token, ]); }); Route::add('/api/private-scoped', function() use ($token) { if ($token === null) { http_response_code(401); exit; } if (! in_array('read:messages', $token['scopes'], true)) { http_response_code(401); exit; } routeResponse([ 'message' => 'Hello from a private endpoint! You need to be authenticated and have a scope of read:messages to see this.', 'token' => $token, ]); }); // The following route is just to avoid confusion. // We're not using an 'index route' in this app, so redirect requests to /api/public. Route::add('/', function() { header('Location: /api/public'); }); Route::run(); ``` ```php index.php lines highlight={} theme={null} getBearerToken( get: ['token'], server: ['Authorization'] ); require('router.php'); ``` ```php router.php lines highlight={21-31} theme={null} 'Hello from a public endpoint! You don\'t need to be authenticated to see this.', 'token' => $token ]); }); Route::add('/api/private', function() use ($token) { if ($token === null) { http_response_code(401); exit; } routeResponse([ 'message' => 'Hello from a private endpoint! You need to be authenticated to see this.', 'token' => $token, ]); }); Route::add('/api/private-scoped', function() use ($token) { if ($token === null) { http_response_code(401); exit; } if (! in_array('read:messages', $token['scopes'], true)) { http_response_code(401); exit; } routeResponse([ 'message' => 'Hello from a private endpoint! You need to be authenticated and have a scope of read:messages to see this.', 'token' => $token, ]); }); // The following route is just to avoid confusion. // We're not using an 'index route' in this app, so redirect requests to /api/public. Route::add('/', function() { header('Location: /api/public'); }); Route::run(); ``` ```php index.php lines highlight={} theme={null} getBearerToken( get: ['token'], server: ['Authorization'] ); require('router.php'); ``` ```php router.php lines highlight={33-48} theme={null} 'Hello from a public endpoint! You don\'t need to be authenticated to see this.', 'token' => $token ]); }); Route::add('/api/private', function() use ($token) { if ($token === null) { http_response_code(401); exit; } routeResponse([ 'message' => 'Hello from a private endpoint! You need to be authenticated to see this.', 'token' => $token, ]); }); Route::add('/api/private-scoped', function() use ($token) { if ($token === null) { http_response_code(401); exit; } if (! in_array('read:messages', $token['scopes'], true)) { http_response_code(401); exit; } routeResponse([ 'message' => 'Hello from a private endpoint! You need to be authenticated and have a scope of read:messages to see this.', 'token' => $token, ]); }); // The following route is just to avoid confusion. // We're not using an 'index route' in this app, so redirect requests to /api/public. Route::add('/', function() { header('Location: /api/public'); }); Route::run(); ``` ```php index.php lines highlight={} theme={null} getBearerToken( get: ['token'], server: ['Authorization'] ); require('router.php'); ```