Laravel API Authentication: Protecting Routes

Route::get('/user', function () {
    //
})->middleware('auth:api');

$response = $client->request('GET', '/api/user', [
    'headers' => [
        'Accept' => 'application/json',
        'Authorization' => 'Bearer '.$accessToken,
    ],
]);