0👍
Rather than relying on a CSRF token, you probably want full API authentication with something like Laravel Sanctum. Implementing Sanctum will help you protect your API effectively (including from CSRF attacks).
If you really do want to require a CSRF token in the header, you can implement that by adding custom middleware to those routes that would check for the CSRF token. You can look at the VerifyCsrfToken middleware as a starting point. Typically, the X-CSRF-TOKEN header is used to pass the CSRF token in a request.
Finally, you could potentially just use the built-in VerifyCsrfToken middleware if you choose to convert your /third-party/unsplash route from a GET to a POST.
All in all, I think using a more robust solution like Sanctum will serve you well and prevent other potential issues that you might not have thought of yet.
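
A sketch of the custom-middleware option from the answer above, added here as an illustration and not the answerer's or Laravel's own code. The class name RequireCsrfHeader is hypothetical. It enforces the X-CSRF-TOKEN header on every request it wraps, GET included, whereas the built-in VerifyCsrfToken skips read requests.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Session\TokenMismatchException;
use Symfony\Component\HttpFoundation\Response;

// Hypothetical middleware name (not part of Laravel): requires a valid
// X-CSRF-TOKEN header on every request it wraps, regardless of HTTP method.
class RequireCsrfHeader
{
    public function handle(Request $request, Closure $next): Response
    {
        // The expected token is stored in the session, so the route must run
        // behind the session middleware (for example the "web" group).
        if (! $request->hasSession()) {
            throw new TokenMismatchException('CSRF token mismatch.');
        }

        $expected = $request->session()->token();
        $provided = $request->header('X-CSRF-TOKEN');

        // A missing or repeated header yields null or an array; reject both.
        // hash_equals() compares the two strings in constant time.
        if (! is_string($expected) || ! is_string($provided)
            || ! hash_equals($expected, $provided)) {
            // Laravel's default exception handler renders this as HTTP 419.
            throw new TokenMismatchException('CSRF token mismatch.');
        }

        return $next($request);
    }
}
```

Attach it to the /third-party/unsplash route together with the session middleware, for example `->middleware(['web', RequireCsrfHeader::class])`. The client sends the token it received from the page in the X-CSRF-TOKEN header.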