How to reject requests to my NextJS API if they weren't made from my site (domain)?
Unanswered
Sun bear posted this in #help-forum
Sun bearOP
Hello, as title said. How to reject requests to my NextJS API, like prevent from abuse from scripts. I want strictly allow requests only from my domain.
Thanks.
3 Replies
Asian black bear
Security measures can be put in place when you have a concrete attack vector, not by guessing things such as "somebody might use a script". You are exposing your application and API anyways for the sole purpose of users being able to access it.
So what are you truly trying to prevent? If it's users scraping or probing your API then you have to set up rate limiting or protect the relevant paths with auth.
In addition to that, this question makes no sense for this reason: if you add some check that the request is coming from your frontend or a specific client, this means your client-side code needs to apply some way to identify itself. This can just be copied by attackers since frontend code is fully sent to the client anyways.
Sun bearOP
Thank you! I just noticed that there is abuse of my API from many datacenters like AWS or OVH. I have checked the IPs.
What will be best in this case to prevent it?
Asian black bear
Rate limiting and optionally putting Cloudflare in front of it or applying other WAF-based solutions.
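As an added example (not code from this thread), a minimal per-client fixed-window rate limiter that wraps a Next.js route handler and answers 429 with Retry-After once a client exceeds its budget. The limits, the route path in the comment and the header-based client key are assumptions; the in-memory Map only works inside one process, so a multi-instance deployment needs a shared store such as Redis.

```javascript
// Fixed-window rate limiter keyed by client IP, for a Next.js route handler.
// Added example with assumed limits; the Map store is per-process only.
const WINDOW_MS = 60_000;  // 1 minute window (assumption)
const MAX_REQUESTS = 30;   // requests allowed per window per client (assumption)

class RateLimiter {
  constructor(windowMs = WINDOW_MS, maxRequests = MAX_REQUESTS) {
    this.windowMs = windowMs;
    this.maxRequests = maxRequests;
    this.buckets = new Map(); // key -> { windowStart, count }
  }

  // Returns { allowed, remaining, retryAfterMs } for `key` at time `now` (ms).
  check(key, now = Date.now()) {
    let bucket = this.buckets.get(key);
    if (!bucket || now - bucket.windowStart >= this.windowMs) {
      bucket = { windowStart: now, count: 0 }; // start a fresh window
      this.buckets.set(key, bucket);
    }
    if (bucket.count >= this.maxRequests) {
      const retryAfterMs = bucket.windowStart + this.windowMs - now;
      return { allowed: false, remaining: 0, retryAfterMs };
    }
    bucket.count += 1;
    return { allowed: true, remaining: this.maxRequests - bucket.count, retryAfterMs: 0 };
  }
}

// Derive the client key from proxy headers. Only trust x-forwarded-for when a
// proxy you control (Cloudflare, your load balancer) sets it; clients can forge it otherwise.
function clientKey(headers) {
  const forwarded = headers.get('x-forwarded-for');
  if (forwarded) return forwarded.split(',')[0].trim(); // leftmost hop = original client
  return headers.get('x-real-ip') || 'unknown';
}

const limiter = new RateLimiter();

// Wrap a route handler so over-budget clients get 429 before the handler runs.
// In app/api/data/route.js (assumed path) you would write:
//   export const GET = withRateLimit(() => Response.json({ ok: true }));
function withRateLimit(handler, rl = limiter) {
  return (request) => {
    const result = rl.check(clientKey(request.headers));
    if (!result.allowed) {
      return new Response('Too Many Requests', {
        status: 429,
        headers: { 'Retry-After': String(Math.ceil(result.retryAfterMs / 1000)) },
      });
    }
    return handler(request);
  };
}
```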