Redirect www to non www and redirect to index.php

From what you've stated in comments, there doesn't seem to be a requirement to maintain two separate .htaccess files. In this case it would be simpler to maintain just one .htaccess file in the document root (assuming they are related).

I am also making the following assumptions about your "api", which also simplifies the directives:

• All requests of the form /api/<anything> should be routed to /api/index.php
• There are no physical files (or directories) that need to be accessed via /api/<file>. (It is an "API" after all.)

You can then do something like the following in the root .htaccess file (and removing the /api/.htaccess file entirely).

RewriteEngine On

# Canonical redirect www to non-www
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L]

# Prevent further processing if the front-controller(s) has already been requested
RewriteRule ^(api/)?index\.php$ - [L]

# Rewrite requests for the API
RewriteRule ^api/. api/index.php [L]

# Rewrite requests for the root application
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]   

The RewriteBase directive is not required here.

Note that you should first test with a 302 (temporary) redirect to avoid potential caching issues. And you will likely need to clear your browser (and any intermediary) caches before testing.

However, a slight concern with this (as I mentioned in comments) is with implementing a canonical redirect for requests to your /api/. Scripts that are making requests to an API won't generally follow redirects - it is expected that these requests are already being made to the canonical URL. So, implementing a redirect for these requests could potentially break these "incorrect" API calls to the non-canonical hostname. Does it matter if the API calls are made to the non-canonical hostname? The www to non-www redirect is generally only for SEO, which does not apply to an API.

Maintaining two .htaccess files (alternative)

Alternatively, if you are maintaining two separate .htaccess files (maybe they are two unrelated projects). One in the root and the other in the /api subdirectory then you would need to repeat the www to non-www (canonical) redirect in both .htaccess files since mod_rewrite directives are not inherited by default.

For example:

# /.htaccess (root) file

RewriteEngine On

# Canonical redirect www to non-www
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L]

# Prevent further processing if the front-controller has already been requested
RewriteRule ^index\.php$ - [L]

# Rewrite requests for the root application
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]

and

# /api/.htaccess file

RewriteEngine On

# Canonical redirect www to non-www
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L]

# Prevent further processing if the front-controller has already been requested
RewriteRule ^index\.php$ - [L]

# Rewrite everything to the API
RewriteRule . index.php [L]

Unlike your original /api/.htaccess the api subdirectory does not need to be explicitly stated since we are using relative URL-paths (and no need for the RewriteBase directive). A relative URL-path is relative to the directory that contains the .htaccess file - so it's relative to the /api directive in this case.