I was testing an api POST endpoint, but found I could still post to it with a python script. How do I prevent this behavour?

For example:

import requests
r=requests.get("https://testing-vercel-ecru.vercel.app/api/hello")
print(r.json())

successfully pings to this:

export default function handler(req, res) {
    res.status(200).json({ text: 'Hello' });
}

when based on my understanding and reading of the image it shouldnt be able to