PART 1: An attacker can intercept API requests from your application, allowing them to understand your API structure and make unauthorized requests by replicating your application's communication patterns. PART 2: You also would like to intercept and view network requests.
Well, it is a very broad issue, I'd say. There are various ways to ensure your API is regarded as safe from external attacks. Now, there may always be vulnerabilities out of your control, although following best practices like using "https", "authorization headers", and Android SafetyNet (see this response and also this thread should make a difference.
You can try using Proxyman which has a solid free tier.