Welcome to the Community!
As far as I know, there isn’t really a way to secure the API call from a public client without some sort of user credential. If you added a secret, your competition could easily just grab the secret from the public client and make requests as if they were that client, no need for traditional HTML scraping.
Here is an IS stack exchange topic about it