Laravel password is not like sanctum (which I though it would be somewhat similar but no).

You don't need to get csrf cookie, but need to setup a few codes for the login api. You'll need to add grant_type, client_id & client_secret and pass it as data in the url.

const loginData = {
    grant_type: 'password',
    client_id: 'your_client_id',         // Replace with your client ID
    client_secret: 'your_client_secret', // Replace with your client secret
    username: email,               // The user's email
    password: password,
    scope: '',                           // Optional
  };

try {
    const response = await axios.post('http://localhost:8000/oauth/token', loginData, {
      headers: {
        'Content-Type': 'application/json',
      },
    });

Only login api needs that, the rest of api no need bcuz here is where access token is being generated.

You maybe asking where to get the client_id & client_secret, that's in the laravel documentation (pls read)