Laravel

Why might $except in \Middleware\VerifyCsrfToken not work in Laravel?

routes/web.php has this code

Route::match(['get','post'], '/api', 'Api\[email protected]');

Controller

namespace App\Http\Controllers\Api;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
class ApiController extends Controller
{
    public function index(Request $request) {
echo '123';
    }

In VerifyCsrfToken

namespace App\Http\Middleware;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;
class VerifyCsrfToken extends BaseVerifier
{
    protected $except = [
        '/api'
    ];
}

But for some reason a GET request opens a route. And the post gives an error.
What could be? where to dig?