It's more of a general question, but What is the recommended way to
protect APIs used in SIGN UP processes? Let's say there is these public
APIs (No user credential required, only API KEYs); find_person(Data
about the person trying to sign up), retur...