As more and more websites incorporate APIs to provide dynamic and interactive experiences to their users, security becomes an increasingly important consideration. In particular, when it comes to public-facing websites where users do not need to log in, it can be challenging to secure API calls without compromising the security of the site.
One possible solution is to use an OAuth 2.0 authentication flow. This involves redirecting the user to a login page hosted by the server, and after successful authentication, the server returns an access token to the client. The client can then use this token to call the protected API. Alternatively, a proxy server can handle the authentication and authorization, and the access token can be securely stored on the server-side.
Another approach is to use JSON Web Tokens (JWTs) to handle authentication and authorization. JWTs can be a secure way to pass authentication information between the client and server, but it is important to ensure that the tokens are properly secured to prevent misuse.