secure rest API

The most safest way is not publishing it on the internet at all!

Aside from the jokes, the best solution for you is using allowed origin headers. So your API validates from which sites the calls come. Take a look at this package: https://github.com/barryvdh/laravel-cors

Also Spatie puts out a similar package as above but with more options.

https://github.com/spatie/laravel-cors