I have an e-commerce site where I have some public API endpoints. I want to secure those endpoints. For example, I have an endpoint like /products which is public API endpoint. But I want to make my api secure so that only my application and my mobile app can access this endpoint.
I have read so many articles regarding this. Like using csrf token, anonymous token, or using custom header variables. But none of them explained the best case. Can anyone please help me on this issue. I am new to this issue.
