Edit:
Ah wait, I misread the question. You want to do it without turning off the CSRF protection? Like Bharat Geleda said: You can make a route that returns only the token and manually copy it in a _token
field in postman.
But I would recommend excluding your api calls from the CSRF protection like below, and addin some sort of API authentication later.
Which version of laravel are you running?
Laravel 5.2及以上版本:
从5.2开始,CSRF令牌仅在具有web
个中间件的路由上需要.因此,将您的API路由放在具有web
个中间件的组之外.
See the "The Default Routes File" heading in the documentation for more info.
Laravel 5.1和5.2:
You can exclude routes which should not have CSRF protection in the VerifyCsrfToken
middleware like this:
class VerifyCsrfToken extends BaseVerifier
{
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'api/*',
];
}
有关更多信息,请参阅标题documentation"从CSRF保护中排除URI".