You should already have your own fork of the course repo from the Static Web Apps lab. You can use the same repo as the source of this static web app - but be sure to set the correct content path.
The security feature which the API uses to block requests is called CORS. You need to find the CORS setup for your API and add the static web app as an allowed domain.
Need more? Here’s the solution.