SPA/User Auth from nodejs app

So here is my problem and hope someone can advise..

I am building out a SPA application which is using SSR (server side rendering) on top of nodejs. This node server will act as the front end of the site, it will sit on a completely different server to the api which of course will be Laravel.

My problem is how can I secure the API to my node app when the app does not require a user to be logged in. It maybe easier to describe an example project. So lets say I was building a booking.com clone.. People need to be able to search for hotels but not being logged in. But then a person may log into there account to view there bookings etc.

Its like the API needs two types of Auth.. Anyone else come across this sort of issue or perhaps I am looking at it wrongly?

Thanks for any advice.