How to use JUST an api_token as verification instead of login details

I am trying to send a JSON object from one server to my laravel Project via cURL, however I keep getting an error message saying that I am not authenticated.

I have the standard Auth Controllers implemented.

In my laravel project, I have created a user called "shop" and it has an api_token, which is stored in the users table.

I want to be able to write something like:

curl -X POST https://returns.jdoe.blah.test/api/createReturn \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxx" \
  --data '{"orderId":"12345", "customerNr":"98765"}'

In api.php:

Route::post('/createReturn', 'ProductReturnsController@createReturn');

By the way, should this route be in api.php or web.php? I'm a bit confused as to where it should go.

In ProductReturnsController.php:

public function createReturn(Request $request)
{
    $var = $request->input('orderId');
    echo $var;
}

I have been sat on this issue for weeks and I have no idea how to solve this :/.

Any help would greatly be appreciated :).