Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I am developing an eCommerce system with multiple authentication frontend and admin, for frontend I used the default web guard and for admin I used the admin guard. And also developing an API for the frontend. My problem is for frontend the default API routes are worked but for admin guard, its doesn't work I used different table for each guard users(web) and admin(admins). When I try any below routes through admin guard with Axios it occur "unauthenticated"
<?php
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
/*
|--------------------------------------------------------------------------
| API Routes
|--------------------------------------------------------------------------
|
| Here is where you can register API routes for your application. These
| routes are loaded by the RouteServiceProvider within a group which
| is assigned the "api" middleware group. Enjoy building your API!
|
*/
Route::post('v1/register', 'Auth\RegisterController@register');
Route::post('/login', 'Auth\LoginController@apiLogin');
Route::middleware('auth:api')->get('/user', function (Request $request) {
return $request->user();
});
Route::middleware('json', 'auth:api')
->namespace('Api\V1')
->prefix('v1')
->name('api.')
->group(function () {
Route::get('brands/datatable', 'Brand\BrandController@datatable')->name('brands.datatable');
Route::apiResource('brands', 'Brand\BrandController');
Route::apiResource('categories', 'Category\CategoryController');
Route::apiResource('products', 'Product\ProductController');
Route::apiResource('attributes', 'Attribute\AttributeController');
});
The 'auth:api' is a completely different authentication layer than the web and admin guard sessions. In general auth:api is stateless which works with some sort of token or header. They are not connected to the session guards.
So what is the solution if I login through admin guard.
Please or to participate in this conversation.