How can I restrict my backend API to only respond to API requests from my frontend hosted by Cloudflare

Hi, Cloudflare is my DNS provider and I’m using the “Accelerate & Protect” feature to protect my backend API endpoints.

Cloudflare is also serving my frontend (React App) via their CDN.

How can I configure the settings so my backend API only responds to API requests from my frontend hosted on Cloudflare? It doesn’t seem like Client Certificates is the solution because those work best for mobile & IoT clients.

Do the front-end API requests come from your server’s IP address?

I don’t think so. My frontend is bundled & minified, and hosted on Cloudflare’s CDNs so I assume the API requests come from my client’s local IP addresses if I’m not mistaken

Can you be more specific as to the source of your app? Is it on Cloudflare Pages, or written into a Worker?

Maybe an easier question: What’s the DNS record for your front end? Is it an “A” record that points to an IP address?

My app is built using Netlify and Cloudflare’s CDN serves my app

The DNS record for my frontend is a CNAME record (using the orange cloud “accelerate and protect” that points to my app on Netlify