I want to reject invalid request that will consume my cycle.
You can check the Principal of the caller for any public method, then the code in the method could only allow access to certain Principals, there’s an example of this approach in this tutorial: Add access control with identities :: Internet Computer
Thanks for you reply, I just think some one will attack my canister, buy using dev principal.