I have a mobile API that sometimes returns a server error when I use Cloudflare. How can Cloudflare be used just for the web but bypassed for the mobile API URL?

I tried to implement Cloudflare on my app. I have the web part and the API part for mobile. How can I use Cloudflare to protect and optimize the web part (caching, etc.) but, for the API part, maybe just do a bypass (no caching, maybe no protection or less protection)? For example, have a rule so that for the URL /api/ it doesn't do anything (or some recommended practice).

I'm getting this regularly on my mobile calls.

<h1>Server Error (500)</h1>
Response headers
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 74968a18ee948986-SIN
content-language: en
content-type: text/html
date: Mon,12 Sep 2022 06:20:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XqpSLNdG070p90inA%2Fyz8fGLCaFJd8Ok0Q1LIX1DnZ8f1TB91QxK7C0akJOAxzWikVPGZ1%2BgGZplkOp7fo7Cx8rQDftwF6e%2FE9ZeoRHVrh6d%2BN9XidYUuwBFeAVsp5dmxQt1HrjXGxqY"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin,Accept-Language,Cookie
x-frame-options: SAMEORIGIN

UPDATE:

Here is some information and guidelines I have found: Can one cache and secure a REST API with Cloudflare?

I have tried to set this, but it does not work ALL the time (sometimes it's OK):

Rules->Page Rule-> Create Page Rule
URL: *domain.com/api/*

Disable Security
Browser Integrity Check - disabled
Security Level - Essentially Off
Cache Level - BYPASS
Disable Performance
Humo answered 21/12, 2023 at 23:50 Comment(2)
You perfectly described in your question how to do this. You create a page rule, with the /mobileapi/* path, that has those features disabled: developers.cloudflare.com/rules/page-rules/manage
I've created a page rule, but after a week I had some complaints, and it seems to be not FULLY working. Please see the UPDATED description. - Humo

The way you & Mark B described it is the correct way to do this with Page Rules in Cloudflare, i.e., set up a Page Rule for a specific path (in your case *domain.com/api/*) and disable settings as desired.

One other option, to completely disable Cloudflare for a specific portion of your site (such as the API), is to use a different hostname for it, such as api.domain.com, and disable Cloudflare at the DNS level for that hostname entirely (by disabling the orange cloud on it). But this is less recommended, as it will also disable all of the security features that you get from Cloudflare.

Misbegotten answered 27/1, 2024 at 23:25 Comment(1)
Have you tried it with mobile? And does it work? For some reason, it's not always BYPASS. - Humo
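
A way to triage the response headers posted in the question, as an added example that is not part of the original question or answers: it parses a header dump and reports whether the response came through Cloudflare and whether the body was served from Cloudflare's cache or fetched from the origin. The function names and the grouping of `cf-cache-status` values are assumptions of this example, following Cloudflare's documented meanings for that header.

```python
# Added example: triage a Cloudflare-proxied response from its headers.
# SAMPLE is a subset of the header dump posted in the question.
SAMPLE = """\
cf-cache-status: DYNAMIC
cf-ray: 74968a18ee948986-SIN
content-type: text/html
date: Mon,12 Sep 2022 06:20:49 GMT
server: cloudflare
vary: Origin,Accept-Language,Cookie
"""

# Grouping is this example's assumption, following Cloudflare's documented
# cf-cache-status meanings: body served from the edge cache ...
FROM_CACHE = {"HIT", "STALE", "REVALIDATED", "UPDATING"}
# ... versus request forwarded to the origin server.
FROM_ORIGIN = {"DYNAMIC", "BYPASS", "MISS", "EXPIRED"}


def parse_headers(raw):
    """Turn 'name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers[name.strip().lower()] = value.strip()
    return headers


def triage(status_code, headers):
    """Report whether Cloudflare proxied the response and where the body came from."""
    cache = headers.get("cf-cache-status", "").upper()
    ray_id, _, colo = headers.get("cf-ray", "").partition("-")
    if cache in FROM_CACHE:
        source = "cloudflare-cache"
    elif cache in FROM_ORIGIN:
        source = "origin"
    else:
        source = "unknown"
    return {
        "via_cloudflare": headers.get("server", "").lower() == "cloudflare" and bool(ray_id),
        "ray_id": ray_id or None,        # quote this when correlating with logs
        "edge_colo": colo or None,       # data-center code suffix of cf-ray
        "cache_status": cache or None,
        "body_source": source,
        # A 5xx replayed from cache would point at caching; otherwise look at the origin.
        "cached_error": status_code >= 500 and source == "cloudflare-cache",
    }


if __name__ == "__main__":
    print(triage(500, parse_headers(SAMPLE)))
```

For the headers in the question this reports `body_source` as `origin` and `cached_error` as false, so the 500 was not replayed from Cloudflare's cache.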
