You could check if a specific HTTP header is present when a call gets made. If the header is not present, you'll throw an error, if it is then you provide the expected response with content.
In example:
const request = new Request('example.com/test', {
method: 'GET',
headers: new Headers({
'Some-specific-header': 'Some-optional-value'
})
})
fetch(request).then((response) => {
// Handle response
})
Then at the server you'd check if the current request contains this header calledSome-specific-header. If it does, return content, else return an HTTP forbidden (403).