htaccess – rewriting API requests to "api.php" and other requests to "web.php"

# Non-API requests
RewriteCond %{REQUEST_URI} !^/react/api/
RewriteRule ^([^/]+)$ routes/web.php?controller=$1 [QSA,L]

this worked, but when i have this kind of url ‘localhost/react/client/something’ it didn’t work

Because the regex ^([^/]+)$ only matches URLs with a single path segment. eg. /foo and /bar, but not /foo/bar or /client/something (your example).

It also doesn’t match the directory itself (an empty URL-path), so requests for localhost/react/ would also fail.

However, you do need an an additional rule (or condition) to prevent an additional pass by the rewrite engine. Or use the END flag (Apache 2.4) instead of L. Without this, an additional loop by the rewrite engine results in either:

1. the request being rewritten to routes/web.php a second time, at which point the rewrite engine terminates.
2. OR, rewritten requests to routes/api.php end up being rewritten to roues/web.php instead during the 2nd pass.

For example, use something like the following instead:

# /react/.htaccess

RewriteEngine On

# Fail early if "api.php" or "web.php" already requested
RewriteRule ^routes/(api|web).php$ - [L]

# API requests
RewriteRule ^api/(.*) routes/api.php?controller=$1 [QSA,L]

# Non-API requests
RewriteRule (.*) routes/web.php?controller=$1 [QSA,L]

(Although, it would seem from your existing answer that the controller=$1 query string is not required on the second rule. In which case, the QSA flag is not required either, since the query string is passed through by default.)

Note also that since the .htaccess file would seem to be in the /react subdirectory then the RewriteBase directive is not required.

However, an additional concern with this is that all static assets (CSS, JS, images, etc.) are going to be rewritten to web.php as well, unless these are hosted somewhere else entirely?