Please Help! Something is wrong with my NodeJS code and the Deta Space platform

[LaBerginha]

Hi, I will show you my simplified code for you to understand me, I have a website with a frontend that I serve from the public folder using:

app.use(express.static('public'));

and a backend in my index.js file with the post routes /api1 and /api2:

import express from "express";
const app = express();
const PORT = process.env.PORT || 3000;
app.use(cors());
app.use(express.static('public'));
app.use(express.json());
app.post('/api1', async (req, res) => {
//code
});
app.post('/api2', async (req, res) => {
//code
});
if (process.env.NODE_ENV !== "production") {
  app.listen(PORT, () => {
    console.log(Listening on port ${PORT});
  });
}

And I'm using Deta Space, a free Heroku-like platform that is serverless to deploy to my website using NodeJS. This is my current Deta configuration (Spacefile):

v: 0
micros:
  - name: xdchk
    src: .
    engine: nodejs16
    primary: true
    public: true

What I want is that only the index.html and the frontend css/js files are public, but the /api1 and /api2 paths are not public, only for my own web.
This is the documentation on how to configure routes:

Deta Space

Your own personal computer in the cloud: private, secure & always online.

deta.space

 

[LaBerginha]

*** Hidden text: cannot be quoted. ***

The file is deleted bro

 

[LaBerginha]

Thanks friend, I had already tried that solution, the problem with it was that the token is always the same and therefore if you had the token you could access the API without problems. Do you have any other idea in mind? If you speak Spanish I could explain the problem better. @alexmisaila