I would go with approach 1). You shouldn't tell your enemies your endpoints.
If someone wants to, e.g., check an endpoint for security breaches so they can hack you, they wouldn't know where to start with approach 1).