JWT (Json Web Token) has long been invented for API authorization. JWT is base-64 encoded json object consisting of headers, payload and signature hash. In the payload, you can put all the information that you do not want to run to the database, username, role, etc. The authenticity of the token is guaranteed by the signature. The token is signed on the backend, upon creation, with your secret string. There is a package for Laravel .
JWT website - https://jwt.io

The API cannot have sessions. We need to stop reinventing the wheel and take, for example, Passport.
If there is no opportunity to use Passport, then you need to stop worrying about requests to the database.
If you really want to break all generally accepted conventions and use sessions, then you need to go and read about them in the documentation.

In any case, the session will be drawn from somewhere by some key. This "some key" will live in the cookie, which already breaks the benefits of the token API. Moreover, according to this "some key" data will be pulled from some kind of radish. Better than from the base, but still not instantly.
Do you have millions of users on the site at the same time? Hundreds of millions of visits a day? Not? Then forget.
It will be much easier for you to scale vertically / horizontally than to write the entire authorization on some crutches (cookies). And take laravel-passport.