I am using "PHP-CRUD-API" (https://github.com/mevdschee/php-crud-api) to do operations on a MySQL-database. It works very well, but the problem is that everyone else can also do the operations, because the REST-API only needs an URL to make queries. For example if anyone uses a software that sets the request type to DELETE and use this URL: "localhost/api.php/mytable/1" they would delete 1 row in "mytable" which is in my MySQL database. This may be a combination of Android/PHP/MySQL related topic, but I was wondering if anyone could tell me how I can make it so that my Android app is the only app/place that can successfully do queries to my database? (I have so far only been coding in Android Studio by using Java, and do not have a lot of knowledge about PHP and MySQL, which is why I chose to ask for help in this Android forum).