My API (PHP/Node.js) is returning an HTML page with JavaScript (verification challenge) to my Android app (OkHttp/Retrofit) instead of the API response. Since programmatic clients do not execute JS, the communication fails.
Is it possible to disable this JavaScript challenge for API accesses, or configure my domain/path for direct access without verification?