Authentication middleware: split auth in JWT API and classic webapp part?

Referring to: https://book.cakephp.org/authentication/1.1/en/index.html

My application consists of a classic webapp part and some APIs for the Javascript frontend. The webapp implements Session-, Cookie- and Form-authentication. The API uses JWT and lives under an “api/” URL prefix.

Form and Cookie can be targeted by an UrlChecker, but not Session and JWT? Do I miss an obvious setup pattern, which separates both auth realms?

[edit] Here’s the actual place in the code where I put in some quick and dirty Copy&Paste solution: 1. Is there a better way doing that?