@Hari Much of this response depends on whether these API’s are internal or external, and who manages/supports them. If they are your own API’s, then you should ideally send a predefined key in the header to ensure that the request is authentic.
This is the standard way of doing it, but I’ll need a bit more detail to comment further.