Disable all REST document/resource API

Hello everyone,

I’m developing APIs for mobile and web app base on frappe framework. I found that default APIs for each doctype can leak data if I not set perms level for each field carefully. So, what should I do to disable all available APIs of doctype?

Keep the desk access under vpn, because desk access may need /api/resource route

expose /api/method route to external network through api gateway or reverse proxy.