0👍
You might be missing csrf token.
Try adding it to your header
headers: {
'Content-Type': 'application/json',
'Accept': 'application/json',
'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
}
Or you could alternatively exclude this route vie adding it to $exclude array on csrf middleware.
Source:stackexchange.com