UntitledDocument01

Handling API requests from website, mobile, and third-party apps (public)

I'm looking to separate my frontend and backend CRM application.

I plan to have 3 entry points: web (Laravel + Livewire), mobile (iOS/Android), and third-party apps (Zapier integrations or direct).

I need to consider that my third-party apps and mobile app entry points will not have access to all API endpoints, like billing & subscriptions. This will need to be managed via website only.

Should I use Laravel Passport for all 3 entry points, or should I use Passport for just third-party apps and Sanctum for web & mobile?

Should I have a single API server that handles all three entry points based on routes and scopes like this:

Route::middleware(['auth:sanctum', 'scope:web'])->group(function () {});
Route::middleware(['auth:sanctum', 'scope:mob'])->group(function () {});
Route::middleware(['auth:api', 'scope:public'])->group(function () {});

or have web & mobile separate from third-party apps? If the latter, should each entry point have its own API server?

vincent15000

You have 3 entry points:

  • Laravel / Livewire

  • iOS / Android

  • Zapier

I would have said that you have a Laravel Livewire application for which you need to let external applications like a mobile one or Zapier access the data via an API.

Laravel / Livewire doesn't need any API, so you have specific code for Livewire.

Then you need other code for the API. And you protect the API with Sanctum. In several cases, Sanctum is sufficient.

In such cases, I proceed like this:

  • develop a backend in API mode

  • develop a frontend for the website (with VueJS for example)

  • develop a mobile application

So the website, the mobile application, and other third-party applications have access to the API. The advantage is that you don't need to have Livewire code AND API code for the backend.

Then you need, for example, to give access to billing only for the website entry. You can do that via a middleware; it's a good idea.
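
One way to apply the middleware idea above with Sanctum token abilities, as an added example that is not code from either poster. The ability names (`crm-read`, `crm-write`, `manage-billing`), the client names, the URIs, and the `contacts()` / `subscription()` methods on the user model are assumptions for illustration.

```php
<?php
// routes/api.php (added example; names and URIs are illustrative assumptions)

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;
use Illuminate\Validation\ValidationException;
use Laravel\Sanctum\Http\Middleware\CheckAbilities;

// Abilities are fixed server-side per client type; the caller never chooses them.
// No entry grants "manage-billing", so no issued token can reach billing routes.
$clientAbilities = [
    'mobile' => ['crm-read', 'crm-write'],
    'zapier' => ['crm-read'],
];

Route::post('/tokens', function (Request $request) use ($clientAbilities) {
    $data = $request->validate([
        'email'    => ['required', 'email'],
        'password' => ['required', 'string'],
        'client'   => ['required', 'in:'.implode(',', array_keys($clientAbilities))],
    ]);

    $user = User::where('email', $data['email'])->first();
    if (! $user || ! Hash::check($data['password'], $user->password)) {
        // Same message for unknown user and wrong password.
        throw ValidationException::withMessages(['email' => 'Invalid credentials.']);
    }

    $token = $user->createToken($data['client'], $clientAbilities[$data['client']]);

    return ['token' => $token->plainTextToken];
})->middleware('throttle:5,1'); // limit credential guessing: 5 attempts per minute

// Reachable by mobile and Zapier tokens (both carry "crm-read").
Route::middleware(['auth:sanctum', CheckAbilities::class.':crm-read'])->group(function () {
    Route::get('/contacts', fn (Request $r) => $r->user()->contacts()->paginate());
});

// Personal access tokens lacking "manage-billing" are rejected here with 403.
Route::middleware(['auth:sanctum', CheckAbilities::class.':manage-billing'])->group(function () {
    Route::get('/billing/subscription', fn (Request $r) => $r->user()->subscription());
});
```

Sanctum documents that `tokenCan` always returns true for requests authenticated through its first-party SPA cookie session, so a website on a configured stateful domain passes the `manage-billing` check while mobile and third-party tokens do not.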
