All of the secure REST calls are secured using the access controller AgentLoggedInAccessController
, which ensures that the user making the request is logged in and is an ‘Agent’ with the appropriate permissions.
/atg/rest/userprofiling/AgentLoggedInAccessController