How to authenticate API for Retool frontend

I have GET and POST API requests going to Retool through an open API which allows users in Retool to see all Xano table records and edit specific ones based on their ID.

I'd like to secure the connection but I'm having issues.

I tried the out the box Xano functionality for API authentication but this doesn't work as there's no users table, just a table of data where each row is unique with no user accounts attached.

I then tried creating a preconditional parameter for a customer API key, however, this doesn't feel secure as it appends the key to the API url.

My assumption is that I need to create a custom header and API key for the APIs connected with the table.

If I'm right, how might I do this?

I'm there's a better way to do this, however, I'm open to all ideas.

Thanks 🙂