Password protection and api problem

I try to have an auth on the website using this code that the chatbot gave me. The problem is: My payment provider still can access the api. When i disable the headers, it works again. I just want to have a password for users. Becuase the website is not finished. I use nuxt 3. I did saw it succesfully being added in the build and when visiting i do get the popup to enter user and pass.

[[headers]]
for = "/*"
[headers.values]
Basic-Auth = "username:password"

[[headers]]
for = "/api/*"
[headers.values]
Basic-Auth = “::”`

This is not possible without using Edge Functions. You’d have to write custom code to decide whom you want to show a password prompt to and whom you don’t.