I have exposed a Rest endpoint, but first answer is an html that creates a __test cookie. I can only read my json if that __test value is set in the cookies of the request. Is this something I can avoid to have a rest endpoint ?
Welcome to the community.
There is a system that ensures your site can only be accessed through a web browser and blocks access from other origins, and the __test cookie is part of that system. And there is no way to get around this in free hosting.