I want to provide an API for two banks (machine to machine). AFAIK the best grant type for this purpose is Client Credentials. But how can I restrict bank A to access only ControllerA and bank B to access only ControllerB?
It doesn't seem right to create two users for these banks!
You can use middleware (https://laravel.com/docs/5.7/middleware#assigning-middleware-to-routes) like the ‘checkRole’ example and optionally, use token scopes (https://laravel.com/docs/5.6/passport#token-scopes), to protect your routes.
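The scope-based approach from the answer above, written out as an added example (not code from the original posts). It assumes one Passport client per bank; the scope names `bank-a` and `bank-b` and the route paths are made up for illustration.

```php
<?php
// --- app/Providers/AuthServiceProvider.php, inside boot() ---
// Needs "use Laravel\Passport\Passport;" at the top of the provider.
// One scope per bank. The scope names are assumptions for this example.
Passport::routes();
Passport::tokensCan([
    'bank-a' => 'Call the endpoints served by ControllerA',
    'bank-b' => 'Call the endpoints served by ControllerB',
]);

// --- app/Http/Kernel.php, entry to add to $routeMiddleware ---
// 'client' => \Laravel\Passport\Http\Middleware\CheckClientCredentials::class,

// --- routes/api.php ---
// 'client:<scope>' validates the bearer token issued by the client
// credentials grant and rejects it when the named scope is missing.
Route::middleware('client:bank-a')->group(function () {
    // Hypothetical route; only tokens carrying "bank-a" reach ControllerA.
    Route::get('/bank-a/transfers', 'ControllerA@index');
});

Route::middleware('client:bank-b')->group(function () {
    // Hypothetical route; only tokens carrying "bank-b" reach ControllerB.
    Route::get('/bank-b/transfers', 'ControllerB@index');
});

// --- Token request made by bank A (form fields posted to /oauth/token) ---
// grant_type=client_credentials
// client_id=<bank A client id>
// client_secret=<bank A client secret>
// scope=bank-a
```

The route middleware only checks which scopes the presented token carries, so the separation holds only if bank A's client cannot obtain a token with `bank-b`. Confirm how your Passport version decides which scopes a client may request, and add a client-ID check in your own middleware if it does not restrict them per client.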