I made a REST Api that should allow users to freely send queries to the server, even if not logged in, however I do want that if you send an external request, from their own app for example to require an API key, I read online that headers can be manipulated so I don't think that would be the option, and I also don't want to create a separate token for the front end.
So basically allow users to use the front end to query the backend freely, but if it's an external request (their own website for example) they need a key for it.
this preferably without needing a key for my front end
is there a way to do this, if so how?
