Allow unauthorized access to api, but not the rest of the website

Question

I have a website using Laravel + Sanctum. I have a mobile app that connects to the Sanctum served API. The website itself is hidden behind a htaccess basic auth, so I would like