protecting my api subdomain

i'm trying to force managed challenge for my api endpoints but since the challenge only works in frontend i made a separate page that enforces challenge. once solved the cf_clearance cookie is obtained but the calls are to a subdomain and hence the cf_Clearance cookie is not passed to the request. how can i solve this?