JWT is configured as an Auth provider for dingo/API in
This allows you to use the
api.auth middleware for authenticated routes.
If the user is not logged in (or the Authorization header was missing), they won't have access to this endpoint.
Feel free to create your own middleware if you'd like to add more complexity.
Updated less than a minute ago