When you're building a Laravel application, it's tempting to reach for abort() whenever something goes wrong, let's take a flight booking app. trying to check a user in to a flight:

abort(422, 'Passenger has already checked in.');
abort(403, 'Boarding has closed for this flight.');
abort(404, 'Booking not found.');

For a quick controller method, this feels fine. But as your application grows — with services, actions, jobs, and console commands all sharing the same business logic — those abort() calls start to become a problem.

The Problem with `abort()` Everywhere

The abort() helper works by throwing an HttpException and is designed for HTTP contexts. The moment your business logic lives outside a controller — in an action class, a service, a queued job, or a CLI command — abort() becomes the wrong tool entirely.

Consider a CheckInAction that might be called from:

A controller handling a web or API request
A Filament action button for airport staff
(Okay, British Airways probably aren't using Filament, but there's a much better chance that your app is!)
A queued job processing an automated check-in

If that action calls abort(422, 'Seat is no longer available'), it works fine from a controller, but it's semantically wrong from a job or command — and if you ever write a unit test for it, you'll be asserting against HttpException instead of something that actually describes your domain.

There's a better way.

Custom Exceptions as Domain Signals

The pattern has three parts:

A base exception for each domain concept, with a getKey() method that maps the failure to a form field
Concrete exception classes that extend it, one per failure scenario
A controller catch that converts any domain failure into a ValidationException — giving the frontend a consistent, familiar error shape

This keeps HTTP concerns out of your business logic entirely, while ensuring the controller can surface errors to users in a way they'll understand.

Here's what that looks like for a flight check-in system.

Step 1: Define a Base Exception

All check-in failures extend a common base class. The key design decision here is getKey(): each exception knows which form field it relates to, so when the error surfaces as a validation message, it can target the right field.

// app/Exceptions/CheckInException.php
namespace App\Exceptions;

use RuntimeException;

abstract class CheckInException extends RuntimeException
{
    abstract public function getKey(): string;
}

Step 2: Define Your Concrete Exceptions

Create a dedicated class for each failure scenario. Each one knows its message and its key:

// app/Exceptions/CheckIn/AlreadyCheckedInException.php
namespace App\Exceptions\CheckIn;

use App\Exceptions\CheckInException;

class AlreadyCheckedInException extends CheckInException
{
    public function __construct(string $bookingReference)
    {
        parent::__construct(__("Booking :bookingReference has already been checked in.", [
            'bookingReference' => $bookingReference,
        ]));
    }

    public function getKey(): string
    {
        return 'booking_reference';
    }
}

// app/Exceptions/CheckIn/BoardingClosedException.php
namespace App\Exceptions\CheckIn;

use App\Exceptions\CheckInException;

class BoardingClosedException extends CheckInException
{
    public function __construct(string $flightNumber)
    {
        parent::__construct(__("Boarding has closed for flight :flightNumber.", [
            'flightNumber' => $flightNumber,
        ]));
    }

    public function getKey(): string
    {
        return 'flight';
    }
}

// app/Exceptions/CheckIn/SeatUnavailableException.php
namespace App\Exceptions\CheckIn;

use App\Exceptions\CheckInException;

class SeatUnavailableException extends CheckInException
{
    public function __construct(string $seatNumber)
    {
        parent::__construct(__("Seat :seatNumber is no longer available.", [
            'seatNumber' => $seatNumber,
        ]));
    }

    public function getKey(): string
    {
        return 'seat_number';
    }
}

// app/Exceptions/CheckIn/DocumentsIncompleteException.php
namespace App\Exceptions\CheckIn;

use App\Exceptions\CheckInException;

class DocumentsIncompleteException extends CheckInException
{
    public function __construct(array $missingDocuments)
    {
        $list = implode(', ', $missingDocuments);
        parent::__construct(__("Check-in cannot proceed. Missing documents: :list.", [
            'list' => $list,
        ]));
    }

    public function getKey(): string
    {
        return 'documents';
    }
}

Step 3: Throw Them in Your Business Logic

Your action takes plain data — a Booking model and a seat number — with no knowledge of where that data came from. It just describes a business process and throws domain exceptions when that process can't continue.

A nice way to structure this is to extract each guard into a private assertX() method. The handle() method then reads like a checklist of preconditions, and each private method carries a @throws docblock so your IDE knows exactly which exceptions can bubble up from each call:

// app/Actions/CheckInAction.php
namespace App\Actions;

use App\Exceptions\CheckIn\AlreadyCheckedInException;
use App\Exceptions\CheckIn\BoardingClosedException;
use App\Exceptions\CheckIn\DocumentsIncompleteException;
use App\Exceptions\CheckIn\SeatUnavailableException;
use App\Models\Booking;

class CheckInAction
{
    private Booking $booking;
    private string $seatNumber;

    /**
     * @throws AlreadyCheckedInException
     * @throws BoardingClosedException
     * @throws DocumentsIncompleteException
     * @throws SeatUnavailableException
     */
    public function handle(Booking $booking, string $seatNumber): void
    {
        $this->booking = $booking;
        $this->seatNumber = $seatNumber;

        $this->assertNotAlreadyCheckedIn();
        $this->assertBoardingHasNotClosed();
        $this->assertDocumentsAreComplete();
        $this->assertSeatIsAvailable();

        $this->booking->update([
            'seat_number'   => $this->seatNumber,
            'is_checked_in' => true,
            'checked_in_at' => now(),
        ]);
    }

    /**
     * @throws AlreadyCheckedInException
     */
    private function assertNotAlreadyCheckedIn(): void
    {
        if ($this->booking->is_checked_in) {
            throw new AlreadyCheckedInException($this->booking->reference);
        }
    }

    /**
     * @throws BoardingClosedException
     */
    private function assertBoardingHasNotClosed(): void
    {
        if ($this->booking->flight->boarding_closed_at->isPast()) {
            throw new BoardingClosedException($this->booking->flight->number);
        }
    }

    /**
     * @throws DocumentsIncompleteException
     */
    private function assertDocumentsAreComplete(): void
    {
        $missingDocs = $this->booking->passenger->missingDocuments();

        if (!empty($missingDocs)) {
            throw new DocumentsIncompleteException($missingDocs);
        }
    }

    /**
     * @throws SeatUnavailableException
     */
    private function assertSeatIsAvailable(): void
    {
        if (!$this->booking->flight->isSeatAvailable($this->seatNumber)) {
            throw new SeatUnavailableException($this->seatNumber);
        }
    }
}

The handle() method is now a clean sequence of named preconditions — no inline conditionals, no throw statements cluttering the main flow. And because each assertX() method declares what it throws, your IDE can surface the full set of possible exceptions at any call site without you having to trace through the implementation.

Bonus: Extract Shared Assertions into Traits

If multiple actions, controllers, jobs, or commands all need to make the same assertion, extract it into a trait:

// app/Concerns/AssertsSeatIsAvailable.php
namespace App\Concerns;

use App\Exceptions\CheckIn\SeatUnavailableException;

trait AssertsSeatIsAvailable
{
    /**
     * @throws SeatUnavailableException
     */
    private function assertSeatIsAvailable(): void
    {
        if (!$this->booking->flight->isSeatAvailable($this->seatNumber)) {
            throw new SeatUnavailableException($this->seatNumber);
        }
    }
}

Then any class that needs it just pulls it in:

class CheckInAction
{
    use AssertsSeatIsAvailable;

    // ...
}

class UpgradeSeatsAction
{
    use AssertsSeatIsAvailable;

    // ...
}

The @throws docblock travels with the trait, so your IDE still knows what can bubble up — and the assertion logic lives in exactly one place.

Step 4: Catch at the Base Class in Your Controller

The controller catches CheckInException — the base type — and converts it into a ValidationException. It doesn't need to know about individual exception types. Each exception already carries its own key and message:

// app/Http/Controllers/CheckInController.php
namespace App\Http\Controllers;

use App\Actions\CheckInAction;
use App\Exceptions\CheckInException;
use App\Http\Requests\CheckInRequest;
use App\Models\Booking;
use Illuminate\Validation\ValidationException;

class CheckInController
{
    public function __invoke(CheckInRequest $request, Booking $booking, CheckInAction $action)
    {
        try {
            $action->handle($booking, $request->seat_number);
        } catch (CheckInException $e) {
            throw ValidationException::withMessages([$e->getKey() => $e->getMessage()]);
        }

        return response()->json(['message' => 'Check-in successful.']);
    }
}

The beauty of converting to ValidationException is that the frontend gets Laravel's standard error shape:

{
    "message": "Seat 14A is no longer available.",
    "errors": {
        "seat_number": ["Seat 14A is no longer available."]
    }
}

Your frontend almost certainly already knows how to handle this — it's the same shape produced by form request validation. The seat_number field gets highlighted, the message appears in the right place, and nothing special needs to be wired up on the client side.

The Payoff: Other Callers Handle What They Care About

Because the exceptions are plain domain objects, every other caller can handle them in a way that makes sense for its context.

A queued job might catch specific exceptions to decide whether to retry:

public function handle(CheckInAction $action): void
{
    try {
        $action->handle($this->booking, $this->seatNumber);
    } catch (SeatUnavailableException $e) {
        // Try to assign a different seat instead
        $this->reassignSeat();
    } catch (BoardingClosedException $e) {
        // No point retrying — fail cleanly
        $this->fail($e);
    }
}

A Filament action can notify staff inline without any HTTP wiring:

Action::make('checkIn')
    ->action(function (Booking $record) use ($action) {
        try {
            $action->handle($record, $record->requested_seat);
        } catch (CheckInException $e) {
            Notification::make()
                ->title('Check-in failed')
                ->body($e->getMessage())
                ->danger()
                ->send();
        }
    })

A unit test asserts exactly the right thing failed:

public function test_cannot_check_in_twice(): void
{
    $booking = Booking::factory()->checkedIn()->create();

    $this->expectException(AlreadyCheckedInException::class);

    (new CheckInAction)->handle($booking, '14A');
}

None of these callers are dealing with HttpException or status codes. They catch what went wrong in terms their context understands.

Why Not Just Use the Global Exception Handler?

You might wonder why the controller does the catching rather than registering everything in Handler.php (or bootstrap/app.php in Laravel 11+). Both approaches work, but the controller catch has some advantages:

It keeps the response format decision local. The ValidationException format is a deliberate choice for this endpoint. A different controller — say, one used by an internal dashboard — might want a different response shape. If you centralise the rendering in the handler, that choice is global.

ValidationException plays nicely with the frontend for free. Rather than crafting a custom JSON response, you get Laravel's standard error structure, which most frontend frameworks and validation libraries already handle.

The handler is better for cross-cutting concerns. Logging, reporting to Sentry, returning a generic 500 page — those belong in the global handler. The specifics of how a particular endpoint surfaces domain errors belong with the controller.

Summary

Approach	Where it belongs	Downsides
`abort(422, '...')`	Quick controller code only	Ties business logic to HTTP; breaks outside controllers
Custom exception + global handler	Cross-cutting HTTP rendering	Response format is global; harder to vary per endpoint
Custom exception + controller catch → `ValidationException`	Domain logic called from controllers, jobs, and commands	Slightly more setup, but the right separation of concerns

The pattern is a small upfront investment that pays off the moment your business logic is called from anywhere other than a controller. Your actions stay clean, your tests become precise, and your frontend gets a consistent error format without any custom wiring — because ValidationException is already the shape it expects.

☁️ Cloud & DevOps

Django ORM Mastery: Mastering Efficient Database Queries with select_related and prefetch_related

Escaping Containers Now Threaten Cloud Security Like Agent Workloads

Twio Picks Vertex AI Search Over pgvector for High-Stakes Production Workload

Dockerfile Builder: a small tool that solves a specific problem

The Matrix of Real-Time: Building WebSocket Apps for Chat, Notifications, and Live Updates

Cloud Monitoring Elevated with GoAccess - Streamlining Server Logs Seamlessly

Indian Engineers Unveil 64-Tool Arsenal for Smarter AI Decision-Making

Automating SSH Key Permission Management to Address Overly Open Access

FFmpegKit is retired — here's how to fix your Android build (NDK r26c patch)

I built an agent health checker, then it flunked itself — here's the audit

Indian Web Firms Embrace Secure Cloud Hosting as Default Setup

AStarGrid2D in Godot 4: the gotchas, and an interactive sandbox

Laravel Cloud Apps Get a Boost with Customised Error Control Systems

Bash: Brace expansion

Cloud Model SuSiE Bares Soul: 95% Confidence Threshold Explored

NOONFALL: An Enchanting Solstice Game Set in an Eternal Twilight City

Most AI Agents Aren't in Production. Here's What Works.

Migrating from NextAuth to Better Auth in Next.js (and What the Boring Parts Actually Are)

Turning a Base M4 Mac Mini Into an Always-On Automation Box

Why Statistics is the Real Backbone of Data Science

Inside the CVE List: How Vulnerabilities Get Their ID Cards

Unlocking Scalability: Inside Cloud's Most Elusive Load Balancing Secrets

Why I Migrated From GPT-4o to DeepSeek — A Backend Engineer's Notes

Cloud Security Alert: Severity-Based CVE Risk Management Takes Center Stage