I have a frontend in Angular that does not have any login because anyone can check this on the website and makes requests to my AWS NodeJS API (exposed via API Gateway) that provides data like Car parts and so on that is not very sensitive but I want to protect against unauthorized usage. Otherwise another guy can simply start using my API to get this information and I am paying for their requests...
This is what I already applied to protect as much as possible:
I implemented CORs and added AllowOrigin url of my frontend but this only works for requests via browser, via postman it works just fine and everyone can get the data if they discover my API URL (address is public but randomly generated).
I also added API Gateway request throttling and quotas to avoid spam bots doing a lot of requests and I pay the fees.
What else can I do to protect my APIs when creating a webapp without user login?
