Share business logic and database for two apps using a plugin

For my app I need a Rest API and a web application. I’m struggling with the authentication, which should be Form for the web application, and Basic for the REST API. I’m using the CakeDC Users-plugin. If I have understood correctly, it’s not optimal to have both auth-mechanisms in one app.

The apps can have different urls, for example: for the Form-auth, and

The apps should share the same business logic and database, only the auth-mechanism should be different (or possibly other things in the future). This is for avoiding repeating code.

Can I solve this with one plugin to implement it in both apps, which have different auth-mechanisms? Is this considered good practice?

If so, can someone provide me with a good example, or explanation, on how to do this? Eventually, come woth suggestions of a better way to do this.

Thank you in advance