@kazzuya Well yes, it depends on your project and how you want to build. At the very least, your mobile app is going to need an API. To protect your API, you can use either Sanctum if you just simple token-based authentication, or Passport if you need to implement full OAuth authorisation.
For your website, you can either build it like “normal” where you have controllers returning Blade views. Or, if you did want to use your API to power both your mobile apps and your website, then you could build a SPA (Single Page Application). But this approach does have drawbacks that you need to wary of:
- If you build a SPA, you’re then moving rendering to the client (browser), and this can harm things like performance, SEO, etc.
- If you make a change to your API for your web app then you run the risk of breaking your mobile apps, and vice versa.
My personal suggestion would be to build the API, use the API for your mobile apps only, and keep that API stable. But this is just personal preference; I got into web development in the “progressive enhancement” era in the early 2000s, and you’ll find just as many people these days who will tug themselves silly telling you that you should be building a SPA instead.