I'm just wondering what the best route to use is when we use an SPA approach with Laravel.
Should I use web routes or api routes?
Considering that it will also have a mobile app, so automatically I also have to create APIs for the mobile, so obviously I should use the api route?
Will it not look messy if I combine the APIs for my SPA, and the APIs for mobile app?
Regarding authentication, it is automatically a stateless app so I have to also generate a token. Where should I save it, database or localStorage?
You should separate web and api routes since they use different middleware and authorizations.
But for a mobile app and an SPA, or anything else that uses an API, you can have one single API. The authorizations change for the mobile app compared to the SPA (Stateful vs Stateless). I suggest checking Laravel Sanctum https://laravel.com/docs/7.x/sanctum which can be used for both the mobile app and the SPA. The docs should give you answers to all your questions.
Yes, if you need OAuth you should use Passport.
Sanctum uses a different (and less complex) approach. Note that, regarding question 4, Sanctum can actually make stateful authentication for SPAs.
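
A sketch of the single API the answers describe, added here as an example and not code posted by anyone in this thread: one `auth:sanctum` group serves both the SPA (session cookie) and the mobile app (bearer token). It assumes Laravel 7 with Sanctum installed and its `EnsureFrontendRequestsAreStateful` middleware in the `api` group; the `/mobile/token` paths and the revocation endpoint are hypothetical names.

```php
<?php
// routes/api.php (added example; Laravel 7 with Sanctum installed is assumed)

use App\User; // Laravel 7 default model namespace (assumption)
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;
use Illuminate\Validation\ValidationException;

// Mobile clients only: exchange credentials for a personal access token.
// Sanctum stores a SHA-256 hash of the token in the database; the plain-text
// value is returned once and belongs in the device's secure storage.
// throttle:5,1 limits password guessing to 5 attempts per minute.
Route::middleware('throttle:5,1')->post('/mobile/token', function (Request $request) {
    $request->validate([
        'email' => 'required|email',
        'password' => 'required',
        'device_name' => 'required|string|max:255',
    ]);

    $user = User::where('email', $request->email)->first();

    // Same error for unknown user and wrong password, so accounts cannot be enumerated.
    if (! $user || ! Hash::check($request->password, $user->password)) {
        throw ValidationException::withMessages([
            'email' => ['The provided credentials are incorrect.'],
        ]);
    }

    return ['token' => $user->createToken($request->device_name)->plainTextToken];
});

// One set of endpoints for both clients. auth:sanctum accepts either
//  - the session cookie of an SPA whose domain is in the 'stateful' list of
//    config/sanctum.php (the SPA requests /sanctum/csrf-cookie, then logs in;
//    no token is kept in localStorage), or
//  - "Authorization: Bearer <token>" from the mobile app.
Route::middleware('auth:sanctum')->group(function () {
    Route::get('/user', function (Request $request) {
        return $request->user();
    });

    // Hypothetical endpoint: revoke the token issued to one named device.
    Route::delete('/mobile/token/{device}', function (Request $request, string $device) {
        $request->user()->tokens()->where('name', $device)->delete();
        return response()->noContent();
    });
});
```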