Well, it depends on how your servlet interacts with your database. First of all, beware of designing it in a way which can leave you open to SQL injection. Second, consider implementing some sort of user system, which requires a user and password authentication to interact with the API. Lastly, you could implement a client-side session which you can pass to your servlet during every command. The session variable could be sent to the servlet on client initialization, and kept until some period of inactivity has passed. Every command you send would contain the session, and the servlet would validate the session before doing anything.
These aren't bulletproof, but they would at least make hackers put some effort in if they want to do anything malicious.
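The session check described in the answer above, sketched as an added example that is not part of the original post: a server-side registry that issues a random token after login, rejects unknown or idle tokens, and slides the inactivity window on each valid command. The class name `SessionRegistry`, its methods and the 15-minute timeout are assumptions chosen for illustration.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper a servlet would consult before handling any command.
public class SessionRegistry {
    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, Instant> lastSeen = new ConcurrentHashMap<>();
    private final Duration idleTimeout;

    public SessionRegistry(Duration idleTimeout) { this.idleTimeout = idleTimeout; }

    // Call once, after the user name and password have been verified.
    public String issue(Instant now) {
        byte[] raw = new byte[32];                 // 256 random bits: not guessable
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        lastSeen.put(token, now);
        return token;
    }

    // Call at the top of every command, before any database work.
    public boolean validate(String token, Instant now) {
        if (token == null) return false;
        boolean[] ok = {false};
        lastSeen.computeIfPresent(token, (t, seen) -> {
            if (Duration.between(seen, now).compareTo(idleTimeout) > 0) {
                return null;                       // idle too long: remove the session
            }
            ok[0] = true;
            return now;                            // valid: restart the inactivity clock
        });
        return ok[0];
    }

    public static void main(String[] args) {
        SessionRegistry reg = new SessionRegistry(Duration.ofMinutes(15));
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");   // constructed clock values
        String token = reg.issue(t0);
        System.out.println("after 10 min idle: " + reg.validate(token, t0.plusSeconds(600)));
        System.out.println("after 15+ min idle: " + reg.validate(token, t0.plusSeconds(600 + 901)));
        System.out.println("unknown token: " + reg.validate("not-a-real-token", t0));
    }
}
```

The token only identifies the session; it should travel over HTTPS, and the database calls behind each command still need parameterized queries to address the SQL injection point.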