Make APIs private

Right now, I have APIs (or server actions? Do these terms refer to the same thing?) that, if someone happens to go to that URL, they can directly call. Is it possible to make it so that people/bots finding these URLs cannot use these APIs, but so that my Wappler app can continue working using these server actions. To use a programming word, I’d like to make these server actions “private”. Using “Security Restrict” doesn’t seem to be the solution I’m looking for because I wouldn’t like any logged in users to be able to access these server actions directly.