Splitting public and private endpoints

I am trying to deploy a REST API with private and public endpoints.

example .com/public/my_customer_can_do_something
example .com/public/my_customer_can_do_something_else

example .com/private/my_company_can_do_something

The public endpoints:

  • Must be publicly addressable
  • Must accept various kinds of auth, starting with jwt or API keys

The private endpoints:

  • Must require Warp or similar

Ideally I’d like to keep all that functionality in one code base and deployment, so I can potentially make a public endpoint private or vice versa in the future.

I have full control over the routes and subdomains, so I make the API accommodate Cloudflare if Cloudflare can do this.

Any pointers? Thanks.