

Several real-life applications require different types or roles of users, say a mentor and a mentee.

You can achieve different protected route groups:

  • one that only allows mentors (authenticated users of type mentor)
  • one that only allows mentees (authenticated users of type mentee)

by creating a middleware for each of these 2 (or 1 middleware with an argument):

use Closure;

class MentorAuthMiddleware
{
    public function handle($request, Closure $next)
    {
        $user = \Auth::user();

        // Reject unauthenticated users and authenticated users of any other type.
        if (!$user || $user->type !== 'mentor') {
            return response()->error('Not Authorized', 401);
        }

        return $next($request);
    }
}

use Closure;

class MenteeAuthMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $user = \Auth::user();

        // Reject unauthenticated users and authenticated users of any other type.
        if (!$user || $user->type !== 'mentee') {
            return response()->error('Not Authorized', 401);
        }

        return $next($request);
    }
}


Don't forget to register these middlewares in your Http Kernel, under the aliases used in the routes ('auth.mentor' and 'auth.mentee').

And then you can use them in your routes.php:


//Public endpoints
$api->group([], function ($api) {
    // routes open to everyone
});

//Protected endpoints (Mentor or Mentee)
$api->group(['middleware' => 'api.auth'], function ($api) {
    // routes for any authenticated user
});

//Protected: Mentor only
$api->group(['middleware' => ['api.auth', 'auth.mentor']], function ($api) {
    // routes for mentors
});

//Protected: Mentee only
$api->group(['middleware' => ['api.auth', 'auth.mentee']], function ($api) {
    // routes for mentees
});
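The "1 middleware with an argument" variant mentioned above, as an added example that is not part of the original page or the project's own code. The class name UserTypeMiddleware, the 'auth.type' alias and the App\Http\Middleware namespace are assumptions, and the example relies on Laravel's middleware parameters (the values after the colon) being passed through by the API router:

```php
<?php

namespace App\Http\Middleware; // assumed namespace (Laravel's default location)

use Closure;

// Hypothetical class: one middleware that replaces MentorAuthMiddleware and
// MenteeAuthMiddleware. Register it in the Http Kernel's route middleware
// under an alias such as 'auth.type' (the alias is also hypothetical).
class UserTypeMiddleware
{
    /**
     * Allow the request only when the authenticated user's type is one of
     * the types listed after the colon in the route definition.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  string  ...$allowedTypes  e.g. 'mentor', or 'mentor', 'mentee'
     * @return mixed
     */
    public function handle($request, Closure $next, ...$allowedTypes)
    {
        $user = \Auth::user();

        // Deny by default: no authenticated user, no types configured on the
        // route, or a type outside the allowed list all end in the same
        // rejection. The third argument to in_array() forces a strict
        // comparison, matching the !== used in the two-class version.
        if (!$user || !in_array($user->type, $allowedTypes, true)) {
            return response()->error('Not Authorized', 401);
        }

        return $next($request);
    }
}

// routes.php usage, equivalent to the mentor-only and mentee-only groups:
// $api->group(['middleware' => ['api.auth', 'auth.type:mentor']], function ($api) { ... });
// $api->group(['middleware' => ['api.auth', 'auth.type:mentee']], function ($api) { ... });
```

Because the allowed types come from the route definition, a group that forgets to pass a type rejects every request instead of letting every authenticated user through.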