To protect your APIs, grant only the permissions your application needs to work. For example, if you plan to use the API to collect data from a form, leave only the Create (POST) permission. This way, even if someone learns your endpoint, they won't be able to view or modify your data.

A request to an unauthorized endpoint will result in a 403 Forbidden error.
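One way to confirm that only the Create permission is left enabled is to probe the endpoint with each method and flag anything that is not rejected with 403. This is an added example, not code from this platform: the local stand-in server, the `/form-entries` path and all function names are constructed for illustration.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

METHODS = ("GET", "POST", "PUT", "DELETE")
# Talk to the endpoint directly, ignoring any proxy environment variables.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def make_handler(granted):
    """Constructed stand-in API: granted methods succeed, all others get 403."""
    class Handler(BaseHTTPRequestHandler):
        def _respond(self):
            self.rfile.read(int(self.headers.get("Content-Length") or 0))
            self.send_response(200 if self.command in granted else 403)
            self.send_header("Content-Length", "0")
            self.end_headers()
        do_GET = do_POST = do_PUT = do_DELETE = _respond
        def log_message(self, *args):  # keep the console quiet
            pass
    return Handler

def start_stand_in(granted):
    """Start the stand-in on a free local port; the path is hypothetical."""
    server = HTTPServer(("127.0.0.1", 0), make_handler(set(granted)))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/form-entries"

def probe(url, methods=METHODS):
    """Send one request per method and record the status code returned."""
    statuses = {}
    for method in methods:
        body = b"{}" if method in ("POST", "PUT") else None
        req = urllib.request.Request(url, data=body, method=method,
                                     headers={"Content-Type": "application/json"})
        try:
            with _opener.open(req, timeout=5) as resp:
                statuses[method] = resp.status
        except urllib.error.HTTPError as err:
            statuses[method] = err.code
    return statuses

def excess_permissions(statuses, needed):
    """Methods the application does not need that were not rejected with 403."""
    return sorted(m for m, code in statuses.items() if m not in needed and code != 403)

if __name__ == "__main__":
    server, url = start_stand_in({"POST"})  # form collection: Create only
    statuses = probe(url)
    print(statuses, "excess:", excess_permissions(statuses, {"POST"}))
    server.shutdown()
```

To check a real deployment, pass your own endpoint URL to `probe()`; use a test project, since any method that is still permitted will actually execute.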