None.
Everything that is given to the client and processed there can be opened, peeped, reverse engineered.
The only solution is to make it easier to pay you than to bother with your own crutches. If a full-fledged analogue of your service is done in two days, then you can assume that you don’t have a product.
If it takes a month to implement a full-fledged analogue, then no one in their right mind will do this - it's easier to pay than to crutch and then support.
There is a separate category of users who will resist, spend the equivalent of a monthly fee for several years on development, but will do their own thing. Or they will simply make some very limited set of functionality that they need.
You can’t do anything with the first ones, they are inadequate people, not your audience.
But if there is a possibility of a large number of the latter, then you need to make the Rogue tariff for them and they will pay you instead of their programmers.

Do not give in a simple / convenient way more than you need at a minimum.
Eliminate the possibility of logical guessing (for example, numbering objects in a row allows you to get objects 3-100500 from the assumption that there are objects 1 and 2).
Limit the number of requests per unit of time.
If you suspect an automated data download, activate the Captcha.

Transfer data in encrypted binary form via web sockets.
+ block the console in the browser. How, for example, does Avito
How does Avito block the developer console in the Chrome browser?
Cut off 50 percent of breakers.
For on shared hosting, there is mostly non-customizable php, which is hard to work with web sockets.
The one who can afford vps is likely to buy your tariff anyway.