您无法从客户端隐藏API调用，无论您做什么，他们始终可以使用像

You cannot hide your API calls from the client, no matter what you do they could always use a packet sniffer like Wireshark to see what your app is doing.

您需要构建一个更安全的API，该API仅允许用户操纵其帐户.您可以通过分配令牌来控制它们的访问，例如 oAuth 的工作方式.

You need to build a safer API that only allows users to manipulate their account. You can control their access by assigning tokens, like the way oAuth works.