API

How to properly organize API access in your application?

Good afternoon. Our enterprise has one software in which we store some data about employees (what and how is not important). Communication with the developers has long been lost and the old functionality does not suit, and it looks miserable.
Taking the initiative into a fist (just kidding, I just "turned off" from my main job ... it also doesn't matter because of what) it was decided to write software for me and my good friend / colleague.
We take the following stack:
Laravel + Laravel Passport - For Backend API
ElectronJS + VueJS - for Frontend.
The problem is that I really did not work with Laravel Passport and with the API in general. Also I do not know as what variant of authorization to use. As I understand it, there are several types of authorization in Passport.
We will have a registration in which the user registers and for a certain ruble buys access with certain rights (only view, + with the ability to edit, supplement, etc.), i.e. with many rights in different "tariffs". I hope you understand...
This is where the question catches me: what authorization method is best suited for my task (by login and password, by token, etc.) and how best to register rights?
PS: The program will be one for all, but each user / program will have a unique login and password with certain rights. They will receive data from the same API server.
PS: Please do not write "why do you need this", "make it simpler", "why pay for access", etc. So it's just necessary.
Thanks in advance!