I'm reading the book: Build APIs You Won't Hate, and it propose several Authentication methods:
Using JWT is a good practice for securing APIs it is not a mistake as far as I'm concerned.
But as Laravel 5.3 is now released and we have a Laravel Passport (OAuth2 Server) for API authentication which would be very help full to you I think.
You could refer the Laravel 5.3 release note for the document. Also Laracast has a free video tutorial explained in detail.