How to secure API calls from reverse engineering in a distributed commercial app?

[removed]