Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
My Laravel application has an API(students) and a web portal(admins). students register via API. Admin users are generated by a super admin. They login via the admin portal. App\User model has been used to facilitate both types of users with the Spatie Laravel Roles and Permissions.
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
'hash' => false,
],
]
The problem is that the users who registered from the API can login via Web portal. But after login they cannot do anything because the web routes are having a role based middleware.
// web.php routes
Auth::routes(['register' => false]);
Route::group(['middleware' => ['role:admin']], function () {
Route::resource('classes', 'WEB\ClassController');
Route::resource('teachers', 'WEB\TeacherController');
});
// api.php routes
Route::post('register', 'API\RegisterController@register');
Route::post('login', 'API\LoginController@login');
Route::group(['middleware' => 'auth:sanctum'], function () {
Route::resource('papers', 'API\PaperController');
Route::resource('marks', 'API\MarkController');
});
What can I do to handle this situation?
If I've understood you correctly, you would like the students to be able to access the routes that is in the ['middleware' => ['role:admin']] if so, have you thought about trying to add something like this ['middleware' => ['role:admin', 'role:student]]`
I want to restrict students from signing in from the web portal. Because the students only use the API. web portal is for admins only
Please or to participate in this conversation.