I'd try to make the APIs client-agnostic. There's no need to maintain separate sets of endpoints that do the same thing. Only create separate controllers when needed, e.g. if you use different login flows on native apps and browsers.
As for the controller directory structure, it doesn't matter much until your app grows big. Just make it make sense; you can always refactor it later. I usually put authentication/authorization stuff under Auth, admin endpoints under Admin, etc.