Java

How to properly organize the API architecture in a Spring Boot application?

Hello.
I have created a web application using spring boot, spring security.
Before showing the user the user_page page, he goes through the standard authorization by entering a login and password. Next, it gets the page user_page. On the page, it performs some operations that update the server state via ajax, for this there are 3 end points that accept a POST request. At this stage, everything works.
But I have a task so that the user can perform all the same actions, but through the API.

How it works now.

To access the API, the user must obtain a token. This is an absolutely random set of characters that it generates when a user registers. The user can get it on the same page user_page. Further, any request to the API must be accompanied by this token. Because The API accesses the same end points as the user_page page through ajax, then ajax automatically passes this token.

Everything works, but from the point of view of architecture - it's terrible.
How to properly organize the API in this case?
How to perform authorization when connecting to the API?
Is it worth separating end points for API and ajax if they perform the same tasks?

To be a little clearer, the API is needed so that the user can do everything that he does on the user_page page, but faster, because he will write his client.