Symfony 5 Disable EventSubscriber when forwarding from a different Controller

Question

I have an ApiController which is used by an outside App. I wrote an ApiSubscriber to Authenticate. All that works fine, but I now want to be able to use some of the Methods in my ApiController from an internal page. To do that, I am preparing some of the data in a controller and than forward to my ApiController which is fine, but than it fails in the ApiSubscriber because it has not got the Authentication data. I was first looking into trying to identify in the ApiSubscriber if I could go by the route and the interesting thing is that it shows me the correct route from where it was forwarded but for whatever reason it seems to go into public function onKernelController(ControllerEvent $event) about 4 times and only the first time the route is discovered the other times the route is null. What would be the best is to say if it comes from an internal route, disable the ApiSubscriber, but how is that possible? I tried to solve it for days, but can't find a solution. Thankful for any hint.

<?php


namespace App\EventSubscriber;

use App\Controller\ApiAuthenticatedController;
use App\Entity\User;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ControllerEvent;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Config\Definition\Exception\Exception;
use Symfony\Component\HttpFoundation\JsonResponse;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class ApiSubscriber implements EventSubscriberInterface
{

public $user;

public function __construct(EntityManagerInterface $em, UserPasswordEncoderInterface $passwordEncoder)
{
    $this->em = $em;
    $this->passwordEncoder = $passwordEncoder;
}

public function onKernelController(ControllerEvent $event)
{
    $controller = $event->getController();

    $request = $event->getRequest();

    // when a controller class defines multiple action methods, the controller
    // is returned as [$controllerInstance, 'methodName']
    if (is_array($controller)) {
        $controller = $controller[0];
    }
    // dd($request->attributes->get('_route'));

    if($request->attributes->get('_route')!= "internal_api_access") {

        if ($controller instanceof \App\Controller\ApiAuthenticatedController) {

            try {
                $this->validateRequest($event);
            } catch (\Exception $e) {
                $payload = array(
                    "success" => false,
                    "status" => "error",
                    "currentTime" => new \DateTime(date("Y-m-d H:i:s O")),
                    "userinfo" => null,
                    "message" => $e->getMessage(),
                );

                return $event->setController(function () use ($payload) {
                    return new JsonResponse($payload, JsonResponse::HTTP_BAD_REQUEST);
                });


            }

            $credentials = $this->getCredentials($event);

            // Validate if the User exists at all
            try {
                $user = $this->getUserData($credentials);
                $request->attributes->set('user', $user);
            } catch (\Exception $e) {
                $payload = array(
                    "success" => false,
                    "status" => "error",
                    "currentTime" => new \DateTime(date("Y-m-d H:i:s O")),
                    "userinfo" => null,
                    "message" => $e->getMessage(),

                );
                return $event->setController(function () use ($payload) {
                    return new JsonResponse($payload, JsonResponse::HTTP_BAD_REQUEST);
                });

            }

            try {
                $this->checkCredentials($credentials, $user);
            } catch (\Exception $e) {
                $payload = array(
                    "success" => false,
                    "status" => "error",
                    "currentTime" => new \DateTime(date("Y-m-d H:i:s O")),
                    "userinfo" => null,
                    "message" => $e->getMessage(),
                );
                return $event->setController(function () use ($payload) {
                    return new JsonResponse($payload, JsonResponse::HTTP_BAD_REQUEST);
                });
            }

        }
    }

}

// The first Method it goes in
public static function getSubscribedEvents()
{
    return [
        KernelEvents::CONTROLLER => 'onKernelController'

    ];
}

/**
 * Check that the request is a valid json string
 */
function validateRequest($event) {

    if(!(json_decode($event->getRequest()->getContent(), true))) {
        throw new Exception("Invalid JSON in request");
    }

    return true;
}

public function getCredentials($event)
{

    $jsonData = json_decode($event->getRequest()->getContent(), true);
    if(!array_key_exists('token',$jsonData)){
        $token = false;
    }else{
        $token = true;
    }
    //  dd($jsonData);
    $credentials = [
        'username' => $jsonData['authentication']['username'],
        'password' => $jsonData['authentication']['password'],
        'token'    => $token,
    ];

    return $credentials;
}

public function getUserData($credentials)
{


    $user = $this->em->getRepository(User::class)->findOneBy(["username"=>$credentials['username']]);

    if (!$user) {
        // we need to think of something proper here
        throw new Exception("User not in the system.");
    }

    return $user;
}

public function checkCredentials($credentials, $user)
{
    if($credentials['token'] == true){
        return true;
    }
    if ($this->passwordEncoder->isPasswordValid($user, $credentials['password']) ===true)       {
        return true;
    }else{
        // we need to think of something proper here
        throw new Exception("Invalid Credentials");
    }
}

}