Educational

Creating CRUD APIs With Resource Controllers

by

Saim Khalid
in

Introduction

In modern web development, APIs play a critical role in communication between frontends, mobile apps, and backend systems. Laravel, as one of the most powerful PHP frameworks, makes it incredibly simple to create complete CRUD (Create, Read, Update, Delete) APIs with minimal effort. By using Laravel’s resource controllers, you can quickly scaffold an entire structure for handling typical actions associated with API endpoints. These controllers give you all the standard methods required for a CRUD workflow, allowing you to focus strictly on writing your logic, validations, relationships, and responses.

Resource controllers offer a clean and organized way to manage API functionality. They automatically follow RESTful conventions, meaning your route structure and method names are predictable and readable. This consistency is particularly beneficial when you’re building large applications or coordinating with frontend/mobile developers who expect your API to follow logical patterns. With a single command, Laravel sets everything up for you. This long-form post explores resource controllers in-depth, describes how they function, explains Laravel’s routing conventions, and shows how to structure CRUD APIs in a professional and scalable manner.

Understanding CRUD in API Development

What CRUD Stands For

CRUD refers to four essential operations performed on resources:

  • Create – Adding a new record
  • Read – Fetching one or more records
  • Update – Modifying an existing record
  • Delete – Removing a record

Every application, whether small or complex, relies on these operations. Blogs use CRUD for posts, e-commerce stores for products, messaging systems for conversations, and management systems for users or inventory.

APIs expose these operations to external clients, allowing remote systems to interact with your database through HTTP requests.

Why CRUD APIs Are Essential

CRUD APIs provide predictable and reusable interfaces. They allow:

  • Frontend applications to request data
  • Mobile apps to manage resources
  • External systems to integrate with your platform
  • Services to exchange information
  • Admin dashboards to manage data

Every modern web application depends on well-structured, secure, and predictable CRUD APIs.

Laravel resource controllers deliver exactly that.

What Is a Resource Controller?

Laravel’s Approach to RESTful Controllers

Laravel includes a feature called resource controllers. These controllers are built around RESTful conventions, where each method in the controller corresponds to a standard CRUD action. Instead of manually creating dozens of routes and controller methods, Laravel does the heavy lifting for you.

Generating a Resource Controller

A complete resource controller can be created with:

php artisan make:controller ProductController –resource

This single command creates a controller with predefined method stubs such as:

  • index
  • store
  • show
  • update
  • destroy

These cover all CRUD operations required by most APIs.

Mapping Controller Methods to Actions

Laravel follows RESTful conventions that associate controller methods with specific HTTP verbs and routes:

  • GET /products → index
  • POST /products → store
  • GET /products/{id} → show
  • PUT/PATCH /products/{id} → update
  • DELETE /products/{id} → destroy

These conventions offer clarity, consistency, and clean coding architecture.

The Purpose of Each Resource Method

index

Retrieves and returns a list of resources.
Example: Show all products or paginate them.

store

Creates a new resource.
Example: Add a new product to the database.

show

Displays a single resource.
Example: Fetch details of a specific product.

update

Modifies an existing resource.
Example: Update a product’s price or description.

destroy

Removes a resource.
Example: Delete a product from the database.

Each method corresponds to a single responsibility, helping maintain clean architecture.

Why Use Resource Controllers for APIs?

Predictability

Developers know exactly where to place logic for a specific action, thanks to predictable RESTful conventions.

Reduced Repetition

Instead of writing multiple boilerplate methods manually, Laravel generates the full structure for you.

Consistency Across Projects

Resource controllers follow universal patterns used by developers worldwide.

Improved Collaboration

Front-end teams, backend developers, and mobile developers all benefit from standardized API structure.

Faster Development

Most CRUD actions are repetitive; resource controllers automate setup so you spend more time on essential logic.

Better Maintainability

Clean, organized method structure means easier debugging and refactoring.

Creating Resource Routes

Single Route Definition

Resource controllers work with resource routes:

Route::resource(‘products’, ProductController::class);

This single line creates all seven RESTful routes automatically.

API-Only Routes

For API development (no create/edit views):

Route::apiResource(‘products’, ProductController::class);

This removes unnecessary web-based routes and focuses only on API functionality.

Building a CRUD API: Step-by-Step

Step 1: Create the Model

php artisan make:model Product -m

This generates a Product model and a migration file.

Step 2: Define Table Structure

Inside the migration, you define fields:

$table->string(‘name’);
$table->decimal(‘price’);
$table->integer(‘quantity’);

After writing the schema:

php artisan migrate

Step 3: Create Resource Controller

php artisan make:controller ProductController –api

This generates an API-optimized controller.

Step 4: Define Routes

In routes/api.php:

Route::apiResource(‘products’, ProductController::class);

Step 5: Implement Controller Logic

Each method handles a specific CRUD action.

index example

Fetch all products or paginate them:

$products = Product::paginate(10);
return response()->json($products);

store example

Validate and store:

$request->validate([
‘name’ => ‘required’,
‘price’ => ‘required|numeric’,
‘quantity’ => ‘required|integer’
]);

$product = Product::create($request->all());
return response()->json($product, 201);

show example

$product = Product::findOrFail($id);
return response()->json($product);

update example

$product = Product::findOrFail($id);
$product->update($request->all());
return response()->json($product);

destroy example

$product = Product::findOrFail($id);
$product->delete();
return response()->json(null, 204);

Validation and Error Handling

Why Validation Is Important

APIs must always validate data. Invalid data can break your system, corrupt your database, or cause security vulnerabilities.

Laravel offers two main options:

  • Manual validation inside controller
  • Form Request validation

Form Request validation is ideal for large projects.

Example of API Validation

$request->validate([
‘name’ => ‘required|string’,
‘price’ => ‘required|numeric|min:0’,
‘quantity’ => ‘required|integer|min:1’
]);

This ensures clean and safe data enters your system.

Error Responses

API responses should be consistent. Laravel returns a JSON error automatically when validation fails.

You can customize error formats in form requests or exception handlers.

Using API Resources for Clean Responses

The Need for Response Formatting

Returning raw model data is not always ideal. API clients prefer structured, consistent responses.

Laravel’s API Resources help convert models into well-formatted JSON.

Example resource:

public function toArray($request)
{
return [
‘id’ => $this->id,
‘name’ => $this->name,
‘formatted_price’ => number_format($this->price, 2),
];
}

Returning Resource Collections

return ProductResource::collection(Product::paginate(10));

API Resources make output clean, organized, and scalable.

Pagination in CRUD APIs

Why Pagination Matters

Fetching thousands of records at once can slow down your app or overload client devices. Pagination solves this by loading smaller chunks.

Example:

return Product::paginate(10);

Laravel automatically returns pagination metadata, helping frontend developers build page navigation easily.

Handling Relationships in CRUD APIs

One-to-Many

Products may have many reviews.
Load data with:

Product::with(‘reviews’)->get();

Many-to-Many

Products may have multiple categories:

Product::with(‘categories’)->get();

Nested CRUD

You can create endpoints like:

GET /products/{id}/reviews

Resource controllers can be nested as:

Route::apiResource(‘products.reviews’, ProductReviewController::class);

This helps build clear API structures.

Updating Partial Data With PATCH

Full Update (PUT) vs Partial Update (PATCH)

PUT updates all fields.
PATCH updates only changed fields.

Example PATCH usage:

$product->update($request->only([‘price’]));

This prevents overwriting unwanted fields.

Soft Deletes in CRUD APIs

Enabling Soft Deletes

Add SoftDeletes trait in model.

Benefits

  • Deleted data is recoverable
  • Prevents permanent loss
  • Ideal for admin recovery systems

Querying Soft Deleted Data

Product::withTrashed()->get();

Resource controllers support this naturally.

Securing CRUD APIs

Authentication

All CRUD actions should require authentication.

Use middleware:

Route::apiResource(‘products’, ProductController::class)->middleware(‘auth:sanctum’);

Authorization

Policies determine which user can:

  • Create
  • Update
  • Delete

This prevents unauthorized use.

Optimizing CRUD APIs

Use Eager Loading

Avoid N+1 queries:

Product::with(‘categories’)->paginate(10);

Cache Heavy Endpoints

Cache::remember(‘products_list’, 300, function() {
return Product::all();
});

Limit Returned Columns

Use select to reduce data size:

Product::select(‘id’,’name’,’price’)->get();

Versioning Your APIs

Why Versioning Is Important

Over time, APIs evolve. Changing existing APIs may break older frontend or mobile apps.

Versioning helps maintain stability:

Route::prefix(‘v1’)->group(function() {
Route::apiResource(‘products’, V1\ProductController::class);
});

Testing CRUD APIs

Feature Tests

Laravel makes API testing simple:

$this->json(‘GET’,’/api/products’)->assertStatus(200);

Test Validations

$this->postJson(‘/api/products’, [])->assertStatus(422);

Test Individual Actions

Create, read, update, delete operations can be tested independently.

Testing ensures long-term stability.

Structuring Large Projects

For big projects, separate responsibilities:

  • Controllers handle request flow
  • Services handle business logic
  • Repositories handle database queries
  • Resources handle responses
  • Policies handle authorization
  • Form Requests handle validation

This clean architecture improves maintainability.

Common Mistakes Developers Make

Mixing Web and API Logic

Web controllers use views.
API controllers return JSON.

Never mix both.

Writing Logic Directly in Controllers

Move heavy logic to Services.

Returning Raw Data Without Resources

Always format responses.

Forgetting Validation

Never trust user input.

Ignoring Authorization

Access should always be validated.

Why Resource Controllers Are the Best Choice for CRUD APIs

Uniform structure

Every developer understands RESTful patterns.

Automatic route mapping

No need to write routes manually.

Clean method separation

Each action has its own dedicated method.

Easy to extend

Add new endpoints easily.

Highly maintainable

Code stays organized.

Faster development

Most boilerplate is handled automatically.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *