How to secure my PHP url endpoints

I have a backend that I developed on PHP/MySql which will provide some URL endpoints in order to get data or post data. Now I am using those url endpoints in my application (webgl application). Now the problem is, the url endpoints are public and anyone can use those url by simply inspecting the browswer. An attacker can get the url endpoints and may post spam data or hange my server etc. So my question is that how do i save my url end points? Remember there is no login option into my application. The webgl application is public, anyone can view it.