Hiya,
I think the best path forward would be for you to use the populate JWT lambda.
In that you can examine the user, their registrations to various FusionAuth applications, and modify the delivered JWT. So you could iterate the registrations and build a JWT claim called supportedApps with a list of your apps. You'd have to keep all the lambdas in sync across every application, but luckily you can do so with the FusionAuth API.
Then in any APIs your SPA or native apps call, they can look at the supportedApps claim. If the API supports that company, it can respond.
I'm not sure exactly why you are separating these companies out as FusionAuth applications if one login gets you access to all of them, though. You could map this within one application using roles too, which is a different set of tradeoffs.