I am building a React + Python (FastAPI) application where these 2 applications are connected via a REST API. My question is: if anyone knows the endpoint and the params that need to be sent, anyone can use Postman and send a request, can't they?
So how do I tackle this? How do I make sure only my React frontend can send requests to the Python backend?
And on Google, the most famous answer is to use JWT: when a user is logged in, a JWT is used to validate. But I want my application to be accessed without any credentials (i.e., any guest user can access my application).
What is the best approach here?