How to check if request to API endpoint is internal or external?

I have custom API endpoints under

/api

/api

protected using

nuxt-auth-utils

nuxt-auth-utils

and a server middleware which uses

requireUserSession()

requireUserSession()

for all routes under

/api

/api

. I wish to omit one of these routes from requiring a cookie (logged-in session) ONLY if the request is an internal request, that is, if it was made by either the server (nitro) or the client (nuxt). Is there a deterministic way of checking if a request is an internal request coming from within the app (nuxt and/or nitro)? I already searched through the nuxt, nitro and h3 docs and couldn't find anyting. I would also like to avoid using e.g. "Referer" header which is not 100% deterministic and still only comes from client requests

How to check if request to API endpoint is internal or external?

Similar Threads