You should use api.php file for api routes, as they are not checked for csrf_token middleware by default in app/http/kernel.php:
protected $middlewareGroups = [
'web' => [
...
\App\Http\Middleware\VerifyCsrfToken::class,
...
],
'api' => [
'throttle:60,1',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
CLICK HERE to find out more related problems solutions.