If I'm understanding what you're trying to do, this isn't on our end. Neocities currently doesn't prevent sites from making API calls to other servers - that's on your HTTP server's side, you control that.
Occasionally I get requests to allow HTML hosted on Neocities to make API calls directly to Neocities itself - which would be OK for things like basic stats lookup, but for things like file uploading/deleting/editing this is dangerous, because it would allow attackers to write scripts to hack people's accounts that can be executed by their own browsers. This is called a CSRF attack, and that's why we prevent people from doing that.
