Blog Detail


Limit Access to Your Laravel Apps by Using Invite Codes cover image

arrow_back Limit Access to Your Laravel Apps by Using Invite Codes

Ashley Clarke introduced a fantastic package called Doorman which provides a way to limit access to your Laravel applications by using invite codes.

Invite Codes:

  • Can be tied to a specific email address.
  • Can be available to anyone (great for sharing on social media).
  • Can have a limited number of uses or unlimited.
  • Can have an expiry date, or never expire.


You can pull in the package using composer:

$ composer require "clarkeash/doorman=^7.0"

Next, migrate the database:

$ php artisan migrate


Generate Invites

Make a single generic invite code with 1 redemption, and no expiry.


Make 5 generic invite codes with 1 redemption each, and no expiry.


Make an invite with 10 redemptions and no expiry.


Make an invite with unlimited redemptions and no expiry.


Make an invite that expires on a specific date.

$date = Carbon::now('UTC')->addDays(7);

Make an invite that expires in 14 days.


Make an invite for a specific person.


Alternatively, instead of calling make() which will return a collection of invites, you can call once() if you only want a single invite generated.

$invite = Doorman::generate()->for('')->once();

Redeem Invites

You can redeem an invite by calling the redeem method. Provide the invite code and optionally an email address.

// or
Doorman::redeem('ABCDE', '');

If the doorman is able to redeem the invite code it will increment the number of redemptions by 1, otherwise, it will throw an exception.

  • InvalidInviteCode is thrown if the code does not exist in the database.
  • ExpiredInviteCode is thrown if an expiry date is set and it is in the past.
  • MaxUsesReached is thrown if the invite code has already been used the maximum number of times.
  • NotYourInviteCode is thrown if the email address for the invite does match the one provided during redemption, or if one was not provided during redemption.

All of the above exceptions extend DoormanException so you can catch that exception if your application does not need to do anything specific for the above exceptions.

try {
    Doorman::redeem(request()->get('code'), request()->get('email'));
} catch (DoormanException $e) {
    return response()->json(['error' => $e->getMessage()], 422);


If you would prefer to validate an invite code before you attempt to redeem it or you are using Form Requests then you can validate it like so:

public function store(Request $request)
    $this->validate($request, [
        'email' => 'required|email|unique:users',
        'code' => ['required', new DoormanRule($request->get('email'))],

    // Add the user to the database.

You should pass the email address to the constructor to validate the code against that email. If you know the code can be used with any email, then you can leave the parameter empty.


To remove used and expired invites you can use the cleanup command:

$ php artisan doorman:cleanup

This package has a lot of other features that can help you. So if you want to explore the complete package details, You can visit its documentation and source code on Github.

Published at : 18-05-2022

Author : Rizwan Aslam
Rizwan Aslam

I am a highly results-driven professional with 12+ years of collective experience in the grounds of web application development especially in laravel, native android application development in java, and desktop application development in the dot net framework. Now managing a team of expert developers at Codebrisk.

Launch your project

Launch project