Hi @Antony6790
You can block all the request by default and allow only the GET requests with /api/assets path and JSON as the extension.
This will ensure only fetching the asset details/retrieval of asset is allowed whereas rest all operations are blocked.
/0001 { /type "deny" /glob "*"}
/000X #other rules are here for website
/0003 { /type "allow" /method "GET" /url "/api/assets/*" /extension 'json' } #whatever path it is.
Thanks!