angularjs api laravel-5.4 csrf-protection

Laravel 5.4 secure the API routes from guest access between the front end and back end


I am working on another application that is using AngularJS on the front end, and is using Laravel as a RESTful back end. The application is pulling some information from the API for guests who visit the site. I was wondering if there was a way to secure the API routes from direct access using a token or something between the front end and back end. I would prefer that the only way to access the API routes was through the Angular front end, but the visitors will not actually have an account. Is there any way anyone knows to achieve this?


Solution

  • Look at the Passport package that ships with Laravel. You can grant different levels of OAuth tokens for your users based on roles and access level through the site. In conjunction with Policies you should have no problem securing everything you need. Documentation on Passport:

    https://laravel.com/docs/5.4/passport

    Particularly look at personal access tokens with scopes; that will give you the fine-tuned control you are looking for.

    https://laravel.com/docs/5.4/passport#personal-access-tokens
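
A sketch of the Passport setup the answer points to, added here as an illustration and not part of the original answer. The scope names, the `/listings` route, the `App\Listing` model and the `guest-frontend@example.test` service user are hypothetical; the excerpts belong to the files named in the comments.

```php
<?php
// --- app/Providers/AuthServiceProvider.php, inside boot() ---
use Laravel\Passport\Passport;

Passport::routes();

// Declare every scope a token may carry; anything not listed cannot be granted.
Passport::tokensCan([
    'read-public'    => 'Read the data shown to site visitors',   // hypothetical scope
    'manage-content' => 'Create and edit content',                // hypothetical scope
]);

// --- config/auth.php ---
// 'guards' => ['api' => ['driver' => 'passport', 'provider' => 'users']],

// --- app/Http/Kernel.php, add to $routeMiddleware ---
// 'scopes' => \Laravel\Passport\Http\Middleware\CheckScopes::class,       // all listed scopes
// 'scope'  => \Laravel\Passport\Http\Middleware\CheckForAnyScope::class,  // any listed scope

// --- routes/api.php ---
// Guest-facing data: requires a valid token that carries the read-only scope.
Route::get('/listings', function () {
    return App\Listing::all(); // hypothetical model
})->middleware(['auth:api', 'scope:read-public']);

// Write access: the guest token is rejected here because it lacks this scope.
Route::post('/listings', function (Illuminate\Http\Request $request) {
    // A token's scopes can also be checked inside the handler.
    if (! $request->user()->tokenCan('manage-content')) {
        abort(403);
    }
    return App\Listing::create($request->only('title', 'body'));
})->middleware(['auth:api', 'scopes:manage-content']);

// --- one-off, e.g. in `php artisan tinker` ---
// Requires `php artisan passport:install` (creates the personal access client)
// and the Laravel\Passport\HasApiTokens trait on the User model.
$serviceUser = App\User::where('email', 'guest-frontend@example.test')->firstOrFail();
$token = $serviceUser->createToken('angular-guest', ['read-public'])->accessToken;
// The Angular client sends this value as:  Authorization: Bearer <token>
```

Any token delivered to the Angular client is readable by the visitor's browser, so the scope it carries should cover only the data guests are meant to see.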