All of our secure rest calls are secured using the access controller AgentLoggedInAccessController, which ensure that the user making the request is logged in and is an ‘Agent’ with the appropriate permissions.

/atg/rest/userprofiling/AgentLoggedInAccessController