Passport advice needed - consuming my own API

Hello, I'm working on a students alumni project.

I made an API that I consume on the back-end, using Laravel Passport, vue and axios it all works and looks wonderful.

Now I want to be able to send invites to students, so they can fill the required data themselves.

Workflow:

When the student click on a link from my email he can create his profile and after saving it he can't edit it again.

Problem:

My problem is with my API, how to give access to students who have this invites?

My thinking about the solution:

I thought to create one user in my Laravel app called Invites, generate a token for that user and consume my API with it, but the problem is that once someone has the token he can create data as many times he wants.

Should I tie a different user to every invite and consume my API with that token and make it invalid after?

Any advice will be highly appreciated.

Thanks in advance.