混合单页面应用程序架构（过度设计？）

Please excuse the length of this post!

I'm building a fairly complex product that consists of the following:

1. A Web Application
2. A Web Server w/ PHP MVC Backend
3. Mobile Apps (iOS, Android, Windows)
4. A REST API Server (PHP)
5. A DB Server (MySQL)

*Note, there are no frameworks in use and on occassion jQuery is used for simplicity.

My issue lies with the web app. Out of the entire application there are maybe a dozen pages that are actually served up by the web server with some data prepopulated. The pages have tabbed navigation where content/data is displayed. Those tab sections will all load dynamically if/when the user selects the tab. For performance reasons I cannot preload all of the data and only populate it when requested.

Currently all my requests to the API from the web app are routing through the webserver where my user session is stored.

This is what request cycle would look like.

1. Web App User requests a page
2. Web Server calls API and populates data from API response
3. Web Server serves requested page
4. Web App User clicks on a tab on the page, data must now be loaded
5. Web App sends AJAX HTTP request to web server
6. Web server calls API requesting/receiving data
7. Web Server sends JSON back to AJAX call
8. Web App populates data on the tab

My question is if this is too over-engineered. I know I could skip the webserver and just call the API, but being that the API has no session management, it doesn't seem to make sense. With each call to the API I need to know if the user is logged in to allow for post, put, or delete calls, so it doesn't seem right to skip the web server.

Am I going off track here or is this the recommended approach?