By default, you can't use your database via API calls.
Go to app Settings -> API check the checkbox "Enable Data API"
Check the checkbox for databases that you need to use via API
Next, we need a Privacy rule for checked databases to secure it.
Go to Data -> Privacy
Select needed database and click Define a new role
Set a name for it (any name)
Here you can add any condition that is good for you.
Here is an example. A rule to make changes in database from API only if the user is logged in.
You can add multiple conditions and roles.