To ensure that APIs are not accessible to end-users and are only accessed by modules, it's essential to implement secure practices. One effective method is to design vulnerable APIs as POST methods, requiring specific inputs in the request body that are known to both the server and front-end modules. By doing so, we can enhance the security posture of the system.
This approach establishes a clear boundary between the client-side and server-side components, limiting direct access to sensitive APIs. It ensures that only authorized modules, equipped with the requisite knowledge of the input parameters, can interact with the APIs. This mitigates the risk of unauthorized access and strengthens the overall security architecture of the application.
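Added example, not part of the original issue or the project's code: a minimal server-side gate for the proposal above, accepting only POST and requiring a shared input in the JSON body. The field name `module_key`, its value and the function name `gate_request` are hypothetical; note that the check passes for any caller that holds the value, so its strength depends on where that value is stored and delivered.

```python
import hmac
import json

# Hypothetical shared input; a real deployment would load it from server-side config.
EXPECTED_MODULE_KEY = "constructed-sample-value"
REQUIRED_FIELD = "module_key"  # hypothetical field name


def gate_request(method: str, content_type: str, raw_body: bytes):
    """Return (status, reason) for a request to a restricted endpoint."""
    # Only POST is accepted, so the required input travels in the body, not the URL.
    if method.upper() != "POST":
        return 405, "method not allowed"
    # The body must be declared as JSON (parameters such as charset are ignored).
    if content_type.split(";")[0].strip().lower() != "application/json":
        return 415, "unsupported media type"
    try:
        body = json.loads(raw_body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return 400, "malformed JSON"
    if not isinstance(body, dict):
        return 400, "body must be a JSON object"
    supplied = body.get(REQUIRED_FIELD)
    if not isinstance(supplied, str):
        return 400, "missing required input"
    # Constant-time comparison avoids leaking how many leading bytes matched.
    if not hmac.compare_digest(supplied.encode("utf-8"),
                               EXPECTED_MODULE_KEY.encode("utf-8")):
        return 403, "forbidden"
    return 200, "ok"


if __name__ == "__main__":
    # Constructed sample requests: (method, content type, body).
    samples = [
        ("GET", "application/json", b"{}"),
        ("POST", "application/json", b'{"action": "list"}'),
        ("POST", "application/json", b'{"module_key": "guess"}'),
        ("POST", "application/json; charset=utf-8",
         b'{"module_key": "constructed-sample-value"}'),
    ]
    for method, ctype, body in samples:
        print(method, body, "->", gate_request(method, ctype, body))
```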