I'm developing a RESTful API with Laravel PHP that will be consumed by an Android application. The API is consumed only by the application; there is no web system.
I am learning RESTful, and while learning I was left with a doubt. I can consume the API, okay, but I thought... if I access the link myself, I can see the JSON data:
So how would I prevent someone from accessing the API data through the browser, or building a separate system to consume the API?
(As you can see, the API will have data that should be viewed only by their owner)
And how would you restrict access to some parts of the application only for certain types of users (permissions system)?