I am using passport in laravel for authenticating my users in APIs. I am able to authenticate different types of users from different tables and generating different token for them but the routes are not protected. For example.
A user can access the routes like this

Route::group(['middleware'  =>  'auth:api'], function () {
    Route::group(['prefix'  =>  'v1'], function () {
        Route::get('get-seller-list','API\v1\SellersController@index');
    });
});

and A doctor can access the routes like

Route::group(['middleware'  =>  'auth:sellers'], function () {
    Route::group(['prefix'  =>  'v1'], function () {
    Route::get('get-seller-detail','API\v1\TestController@getDetails');
    });
});

but this middleware check doesn't seem to be working as I can access all the routes for sellers even if I have passed the token generated for api in Bearer header.

My config/auth.php looks like

'guards' => [
        'user' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'seller' => [
            'driver' => 'passport',
            'provider' => 'sellers',
        ],

        'admin' => [
            'driver' => 'session',
            'provider' => 'admins',
        ],

        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'passport',
            'provider' => 'users',
        ],
    ],

I think you have problem in middleware routes so follow this article

The auth:api middleware will handle the passport token authentication and the sellers middleware will check if users are sellers. I think you are getting mixed up with the way the middleware is set up.

This sort of depends on how you have your user types set up but in your sellers middleware you can check for User types / roles:

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Contracts\Auth\Guard;

class Sellers

/**
 * The Guard implementation.
 *
 * @var Guard
 */
protected $auth;

/**
 * Create a new filter instance.
 *
 * @param  Guard  $auth
 * @return void
 */
public function __construct(Guard $auth)
{
    $this->auth = $auth;
}

/**
 * Handle an incoming request.
 *
 * @param  \Illuminate\Http\Request  $request
 * @param  \Closure  $next
 * @return mixed
 */
public function handle($request, Closure $next)
{
    if ($this->auth->user()->is_seller) {
        return $next($request);
    }

     return response()->view('errors.401', [], 401);
}

Then you can set your route up to use both auth:api and sellers middleware:
So now if a normal user tries to access the get-seller-detail route it will return a 401 unauthorized error and if a seller tries to access this route it will proceed to the code for that route as normal.