Now you are all set, but one thing is you need a _token to access the protected url.
and you will get the _token once you are logged in. So we need a AuthController to login for the API.
Here is a sample AuthController under the Api namespace in the app/Http/Controllers directory.
How it works: If the user sends a POST request to this AuthController with email and password it will
response with a _token (like this $2y$10$/rUWXPY56sMsyYM6YNfEWea5IPO0xXeETDrAT0SS4dShk24H/fiZ6) then you can use
that _token to access any protected url like this
NOTE: You can pass the token via header, and in that case if you are to send the _token via header, in that case use tokeninstead of_token as the header key.