This seems like it would be more obvious. I use WordPress to manage content for an external site. The WordPress content is displayed via the WP REST API and I display content with ajax and JS to this remote site. (e.g. https://example.com//wp-json/wp/v2/pages/23). Everything is on SSL and it all works great. How can I simply make it so this ajax GET request is only allowed from a certain domain – the remote site? The WP API is only used to display data.
Read more here: WordPress WP REST API limiting requests by domain