Identify Source of API Call (Script or Other)

Is there any way to identify an API call from a script vs other?

I’d like to build a logging interface upon GET/POST/UPDATE/DELETE and if I need the script to do any form of lookup for the logging action, it’ll create an indefinite loop. I’ve considered placing a custom attribute into the payload for those requests, but from a security standpoint, I’d need a way for users to not be able to spoof that to prevent logging.

A couple Ideas to start:

  1. Add a custom value to the payload array.
  2. Find a value that is only known internally and changes upon each request so that I can validate it.
  3. Some referrer or other identifiable variable in the platform or event objects that would indicate the source.

Thank you in advance for your help.