Welcome to web development, this is a problem that is not easily solved.
If you want your data to be private then require authentication before your API can be used. OAuth client credentials is common for APIs but you could use something else as well. Of course then you need to ensure that all valid users have a client account. If you manage access to your APIs then you have control over who can call it. Of course nothing prevents your competitors from requesting access and you granting it. Then they can download the data. There isn't an automated approach to working around that.
Yet another approach is to have tiers of data access. Perhaps the public can access a small subset of the data and an account is required for more information.
And another thing to consider is using rate limiting or throttling on API calls. If you limited a caller to a certain number of calls at a time then you can slow down competitors but eventually they will still get all the data. But it just makes it slower.