I had the opportunity to use Drupal as a headless CMS and tried the Disable UI module, which restricts UI access to administrators and similar roles.

Disable UI
The perfect security module for a headless Drupal site! Makes it possible to prevent users who lack "Access UI routes" permission from accessing HTML pages on the site.
Drupal.org

As a result, access to the top page was displayed as follows.

On the other hand, the enabled JSON:API was accessible to non-logged-in users.

/jsonapi/

We hope this serves as a useful reference when using Drupal as a headless CMS.