Joplin server | Protect login page behind other authentication but keep api accessible

The URL used to sync notes appears as not documented anywhere.
Can some explanations be added, please, to the documentation on the subject in reference of this message?
Idea is to protect the login page using, say, Authentik or Keycloak, and to know what is the URL that the sync clients use to synchronize notes. I couldn't fin anywhere what it is, e.g. https://joplin.example.com/ ? or https://joplin.example.com/api/??? ?
The sync URL being known I could unprotect it from Authentik or Keycloak
Many thanks in advance