@yesenvidnath
Last active March 28, 2025 07:36
// Example: in this code we allow only admins to send bulk messages

// These imports go at the top of the controller file, outside the class
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;

public function sendBulkNotification(Request $request)
{
    // Get the authenticated user (null when the request carries no valid token)
    $authenticatedUser = Auth::user();

    // Reject unauthenticated requests before reading user_ID
    if (!$authenticatedUser) {
        return response()->json(['message' => 'Unauthenticated.'], 401);
    }

    // Check if the authenticated user is an admin
    $isAdmin = DB::table('admins')
        ->where('user_ID', $authenticatedUser->user_ID)
        ->exists();

    // If not an admin, deny access
    if (!$isAdmin) {
        return response()->json([
            'message' => 'Unauthorized. Only admins can send bulk notifications.'
        ], 403);
    }

    //
    // The rest of the method's code comes after the validation of the user type
    //
    $request->validate([
        'type' => 'required|in:meeting,payment,general',
        'message' => 'required|string|max:255',
        'user_type' => 'nullable|in:Customer,Professional,Admin',
        'start_user_ID' => 'nullable|integer',
        'end_user_ID' => 'nullable|integer',
    ]);

    // ... remainder of the method ...
}

Laravel API Restriction Based on User Type of Auth Token

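// Import these at the head of the code file
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;

// Get the authenticated user (null when the request carries no valid token)
$authenticatedUser = Auth::user();
if (!$authenticatedUser) {
    return response()->json(['message' => 'Unauthenticated.'], 401);
}

// Check if the authenticated user is an admin
$isAdmin = DB::table('admins')
    ->where('user_ID', $authenticatedUser->user_ID)
    ->exists();

// If not an admin, deny access (adjust the message to the endpoint)
if (!$isAdmin) {
    return response()->json([
        'message' => 'Unauthorized. Only admins can update professional profiles.'
    ], 403);
}

// For a complete method, see the sendBulkNotification example in this gist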
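
The same check as a route middleware, so it is enforced in one place instead of being pasted into every admin-only method. This is an added example, not code from the original gist; the class name EnsureUserIsAdmin, the route path, the NotificationController name and the auth:sanctum guard are assumptions, while the admins table and user_ID column are taken from the snippets above.

```php
<?php
// Added example (not from the gist): admin gate as a reusable middleware.
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Symfony\Component\HttpFoundation\Response;

class EnsureUserIsAdmin // hypothetical class name
{
    public function handle(Request $request, Closure $next): Response
    {
        // User resolved by the auth guard that ran before this middleware
        $user = $request->user();

        // No valid token: answer 401 rather than dereferencing null
        if ($user === null) {
            return response()->json(['message' => 'Unauthenticated.'], 401);
        }

        // Same server-side lookup as the gist: admin status comes from the
        // admins table on every request, never from client-supplied input
        $isAdmin = DB::table('admins')
            ->where('user_ID', $user->user_ID)
            ->exists();

        // Authenticated but not an admin: 403 and the controller never runs
        if (!$isAdmin) {
            return response()->json(['message' => 'Unauthorized. Admins only.'], 403);
        }

        return $next($request);
    }
}

// routes/api.php (route path, controller name and guard are assumptions):
// Route::post('/notifications/bulk', [NotificationController::class, 'sendBulkNotification'])
//     ->middleware(['auth:sanctum', \App\Http\Middleware\EnsureUserIsAdmin::class]);
```

With the middleware attached to the route, a non-admin request is rejected before validation or any controller code executes, and a new admin-only endpoint cannot be shipped without the check by forgetting to copy the snippet.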