I've solved it by in fact using Passport for both web authentication as well as API.
Frontend and API authentication
I have a Vue frontend talking to the backend via axios. Those routes are authenticated with web middleware and it works nicely. However, I now need to communicate to those same backend routes via API from the CLI tool. I’m using Guzzle to communicate from CLI to the API endpoints.
I was thinking of adding api_tokens table where I’d have all tokens for a user, then user can store this token in a .tokens file on his filesystem. Guzzle would load this token from the file and add an authorization header to each request, then I’d put an additional middleware (next to ‘auth’) to the backend route and check for that token in a header. If the token is okay, I’d just do Auth::once($userAssociatedWithToken). Would this be okay? As I’m not at all familiar with token security, is this secure? Tokens would be generated with Str::random(60). Not to mention my backend routes don’t need CSRF verification because Vue injects it automatically. I would need to solve this for API communication as well.
Could this somehow be replaced with Passport? My main problem is the fact that I need to access the same routes from the web frontend (authenticated with session) as well as API.
How would you guys go about doing this? Should I just dump the web middleware and authenticate with Passport on the frontend as well?
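The token scheme described in the question, sketched as an added example (not code from the original post): plain PHP with an in-memory array standing in for the api_tokens table. The function names and the choice to store only a SHA-256 hash of each token are assumptions, and bin2hex(random_bytes(30)) stands in for Str::random(60).

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the api_tokens table: token_hash => user_id.
// Only the SHA-256 hash is kept, so a leaked table does not yield usable tokens.
$apiTokens = [];

/** Issue a 60-character token; the plaintext is returned once and never stored. */
function issueToken(array &$table, int $userId): string
{
    // 30 CSPRNG bytes as 60 hex characters (assumed stand-in for Str::random(60)).
    $plain = bin2hex(random_bytes(30));
    $table[hash('sha256', $plain)] = $userId;
    return $plain;
}

/** Extract the token from an "Authorization: Bearer <token>" value, or null. */
function bearerToken(?string $header): ?string
{
    if ($header === null || !preg_match('/^Bearer\s+([A-Za-z0-9]{60})$/', $header, $m)) {
        return null; // missing header or malformed token: reject before any lookup
    }
    return $m[1];
}

/** Resolve the user id for a request, or null when the token is missing or unknown. */
function authenticate(array $table, ?string $header): ?int
{
    $token = bearerToken($header);
    if ($token === null) {
        return null;
    }
    $candidate = hash('sha256', $token);
    foreach ($table as $storedHash => $userId) {
        // hash_equals compares in constant time, independent of where the strings differ.
        if (hash_equals((string) $storedHash, $candidate)) {
            return $userId;
        }
    }
    return null;
}

// Constructed demo: user 42 is issued a token and the CLI sends it back.
$token = issueToken($apiTokens, 42);
var_dump(authenticate($apiTokens, "Bearer $token"));
var_dump(authenticate($apiTokens, 'Bearer ' . str_repeat('a', 60)));
var_dump(authenticate($apiTokens, null));
```

In a Laravel middleware the same lookup would run against the real table, and a request authenticated this way carries no session cookie.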