We are building a very small API that receives winning contest entries for prize fulfillment. The data we are receiving is:
- account ID (members know their account IDs)
- prize ID
- address
- consent
- date
Here is the problem... If someone dissects the mobile app they could theoretically locate prize IDs, their account ID, and submit fictitious winning entries to our API.
The submissions are coming from a mobile app. So we can't restrict the API to a specific IP address or anything.
I am not developing the actual app, just the API. The API will likely be programmed using PHP.
Is there a way to prevent someone from submitting fictitious contest entries?
Notes:
I found similar questions asked, but they mostly don't have a solid answer or they were asked years ago. I'm wondering if anything has changed since they were answered.
We have one solution, but it requires a second API call coming from the app's server. I'm hoping there is a more simple solution.
Edit 1: Users are logged into their app, but the only piece of data we are receiving is their member ID.
Edit 2: I don't actually know what is determining the winner. I am not developing this part of the app. I hope it's not being done client side.
source https://stackoverflow.com/questions/73533477/can-i-verify-a-that-an-api-call-is-coming-from-a-mobile-app
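The question mentions a solution involving a second call from the app's own server. As an added example (not code from the question or its author), this sketches that server-to-server pattern in PHP: the contest backend, which should be the component that decides winners, issues an HMAC-signed win token, and the fulfillment API verifies it before accepting the entry. The shared secret, the token format, and the in-memory nonce store are assumptions for illustration; in production the consumed nonces would live in a database.

```php
<?php
// Added example (not from the question): a win token issued by the contest
// backend and verified by the fulfillment API. Assumes winners are chosen
// server-side and that the two servers share a secret (both assumptions).
declare(strict_types=1);

const TOKEN_TTL_SECONDS = 600;

// Issued on the contest backend when a winner is chosen. The mobile app only
// relays the token; it cannot mint one without the shared secret.
function issueWinToken(string $secret, string $accountId, string $prizeId, int $now): string
{
    $payload = json_encode([
        'account_id' => $accountId,
        'prize_id'   => $prizeId,
        'nonce'      => bin2hex(random_bytes(16)), // unique per win, blocks replay
        'exp'        => $now + TOKEN_TTL_SECONDS,
    ], JSON_THROW_ON_ERROR);
    $sig = hash_hmac('sha256', $payload, $secret);
    return base64_encode($payload) . '.' . $sig;
}

// Called by the fulfillment API. Returns the validated claims, or null to reject.
// $seenNonces stands in for a persistent table of consumed nonces.
function verifyWinToken(string $secret, string $token, string $accountId,
                        string $prizeId, int $now, array &$seenNonces): ?array
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$b64, $sig] = $parts;
    $payload = base64_decode($b64, true);
    if ($payload === false) {
        return null;
    }
    // Verify the MAC in constant time before trusting any field of the payload.
    if (!hash_equals(hash_hmac('sha256', $payload, $secret), $sig)) {
        return null;
    }
    $claims = json_decode($payload, true);
    if (!is_array($claims)) {
        return null;
    }
    // The signed claims must match what the client submitted, be unexpired, and be unused.
    if (($claims['account_id'] ?? null) !== $accountId) return null;
    if (($claims['prize_id'] ?? null) !== $prizeId)     return null;
    if (!isset($claims['exp']) || $claims['exp'] < $now) return null;
    $nonce = $claims['nonce'] ?? '';
    if ($nonce === '' || isset($seenNonces[$nonce]))   return null;
    $seenNonces[$nonce] = true; // consume the token so a replayed entry is rejected
    return $claims;
}
```

The fulfillment API still records account ID, prize ID, address, consent and date as before, but only after `verifyWinToken` returns non-null; a forged or replayed submission fails the MAC or nonce check regardless of what the attacker learned from the app binary.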