
afabris's avatar

Allowing access to API via token and session

I have APIs that can be accessed by 3rd party apps, and APIs that need to be accessed by users. 3rd party apps are on the same server and share the database, so I managed this using the following in config/auth.php:


    'api' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

Users, however, are on a different server, and they need to use a token, so in this case I need to use:

    'api' => [
        'driver' => 'token',
        'provider' => 'users',
    ],

However, I need to use these at the same time. Is there a simple way to accomplish this (Laravel 5.2)?

Thanks, Andre

0 likes
3 replies
robrogers3's avatar

I think this is your answer:

https://mattstauffer.com/blog/multiple-authentication-guard-drivers-including-api-in-laravel-5-2/

e.g.

    'api-user' => [
        'driver' => 'token',
        'provider' => 'users',
    ],

then protect your user API with the associated middleware: ->middleware('auth:api-user')

just like the api.php routes:

    Route::middleware('auth:api')->get('/user', function (Request $request) {
        return $request->user();
    });

I don't think you need to create your custom auth service provider as you are reusing the token guard.

I do wonder if you need another route defined to use the new guard, as in:

    Route::get('money', 'SomeController@index')->middleware('auth'); // web users

    Route::get('user-api-money', 'SomeController@index')->middleware('auth:api-user'); // api users

??

afabris
OP
Best Answer
Level 1

Thanks, I tried, but something seems to be missing. Auth::check() does not work - the user is not logged in. If I add guard('auth:api') or any other, it still does not work.

However, I found an easier solution. routes.php uses the web guard, and my api_routes uses the api guard. The web guard is session and the api guard is token.

So I moved APIs that need to use session for authorisation to routes.php and left APIs that need to use token for authorisation in api_routes.php. This works exactly as I need. I hope it will help someone in the future.
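
An added example, not part of the thread or of Laravel itself: a route middleware that accepts either the session guard or the token guard discussed above and makes the matching guard the default, so that Auth::check() and $request->user() work afterwards. The class name AuthenticateAny and the alias auth.any are hypothetical, and the guard names web and api-user are assumed to be defined in config/auth.php as in the reply above.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\Auth;

/**
 * Hypothetical middleware (assumed name). Intended use, once registered under
 * the assumed alias 'auth.any' in App\Http\Kernel::$routeMiddleware:
 *
 *   Route::get('money', 'SomeController@index')->middleware('auth.any:web,api-user');
 */
class AuthenticateAny
{
    public function handle($request, Closure $next)
    {
        // Middleware parameters arrive as extra arguments after $next.
        // Fall back to the session guard when none are listed.
        $guards = array_slice(func_get_args(), 2) ?: ['web'];

        foreach ($guards as $guard) {
            // Guard names are the keys under 'guards' in config/auth.php
            // ('web', 'api-user'). The 'auth:' prefix belongs only to the
            // middleware string, so it is Auth::guard('api-user') here,
            // never Auth::guard('auth:api-user').
            if (Auth::guard($guard)->check()) {
                // A bare Auth::check() always asks the DEFAULT guard. Switch
                // the default to the guard that matched so controller code
                // sees the same user through Auth::user() / $request->user().
                Auth::shouldUse($guard);

                return $next($request);
            }
        }

        // No guard recognised the caller: fail closed with a 401 and never
        // fall through to the controller.
        return response()->json(['error' => 'Unauthenticated.'], 401);
    }
}
```

The session guard only sees a login on routes that run the session middleware (the web group in 5.2), and cookie-authenticated routes that change state should keep CSRF verification enabled.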

amoktar's avatar

What about the latest Laravel 8? This post is from 3 years ago.
