V4 Custom API Token validation


is there a way to protect a custom API with an API token generated via the frontend?
I have created the following route for the API:

export default {
  routes: [
      method: 'GET',
      path: '/statistic',
      handler: 'statistic.getAll',
      config: {
        auth: false,
        policies: [],
        middlewares: [],

It works fine, but if I set auth to true I am getting an error and if I am taking it out, I need a user token.
I could not find any information how to set this up with an API token generated in the frontend:

Can you help me how this can be done?

it’s a bad idea to trust client side token, don’t

I agree to not trust client side tokens. Maybe I have also described it in a wrong way.

Right now, with the current configuration, no token at all is needed to access the api.

What I want to protect the API Endpoint with a token generated by Strapi and without the user logging in.