Allow a request to an AWS Amplify created REST API only from the public accessibly hosted webpage without user management (unauthenticated request)

The Amplify-hosted website has two fields for the order number and last name. The website calls the Amplify-created REST API with these two values and processes the next steps. There is no user management or other authentification besides the "knowledge" of these two values.

How is the best way that the REST endpoint can only be accessed by the website and not e.g. via postman?

Is a Signature Version 4 call like described here https://medium.com/@jun711.g/how-to-secure-aws-api-gateway-requests-with-signature-version-4-using-aws-amplify-62d79f92966c the only way for an unauthenticated request (https://docs.amplify.aws/lib/restapi/authz/q/platform/js/#unauthenticated-requests)?