Whenever you need an authenticated user, you can place the zend-expressive-authentication AuthenticationMiddleware in your pipeline.


If you need all routes to use authentication, add it globally.

// In config/pipeline.php, within the callback:


For an entire sub-path

If you need all routes that begin with a particular sub-path to require authentication, use path-segregation:

// In config/pipeline.php.
// In the import statements:
use Zend\Expressive\Authentication\AuthenticationMiddleware;

// In the callback:
$app->pipe('/api', $factory->path(

For a specific route

If you want to restrict access for a specific route, create a route-specific middleware pipeline:

// In config/routes.php, in the callback:

        HandlerRequiringAuthentication::class, // use your own handler here

Found a mistake or want to contribute to the documentation? Edit this page on GitHub!