thanks @DMehaffy! It is very helpful!
I have one question more: This method is the best to authenticate this ““public”” requests? What is your recommendation?
My goal is secures the endpoints from my API and that no one can use my resources or view my application data.