# Prevent directory browsing in API directories
Options -Indexes

# Allow API endpoint access
<Files "*.php">
    Allow from all
</Files>

# Block access to non-PHP files
<FilesMatch "\.(txt|log|md|json|xml|yml|yaml|ini|conf)$">
    Deny from all
</FilesMatch>