You need to extract only the token part (after the |) when using findToken()

Can you use this updated code?

use Laravel\Sanctum\PersonalAccessToken;

class AuthCheck
{
    /**
     * Handle an incoming request.
     *
     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
     */
    public function handle(Request $request, Closure $next)
    {
        // Extract the token from the request header or input
        $fullToken = "11|QC3NXdRq8mPUCVeAttMv8XxXoDTysRwRxLnfB6YLafcf585"; // Example token
        [$tokenId, $token] = explode('|', $fullToken, 2); // Separate the ID and the raw token

        // Find the token using the raw token
        $tokenInstance = PersonalAccessToken::findToken($token);
        if (!$tokenInstance) {
            return response()->json(['message' => 'Token not found', 'token' => $token], 401);
        }

        return $next($request);
    }
}

Check app/Http/Kernel.php for:

'api' => [
\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],