Allow chat creation from API but not from the host webpage

Hi, I successfully installed Jitsi-meet and it’s running on our server. I had to create the host and now everyone can access our website and create a room. I’m using the API to create new rooms and to let users join them. I don’t want the website to be accessible.
I thought about securing the room creation using authentication, but I fear that then the users that want to create a new room through my application (thus using the API) would be prompt to insert username and password. Also, I didn’t quite get it to work.
Is there a way to block the jitsi-meet interface and just use the API to interact with the server?
Any help will be very appreciated.

If anybody is also looking into this, the answer, at least for me, was to use the JWT token.