All secure REST calls are protected by the access controller AgentLoggedInAccessController, which ensures that the user making the request is logged in and is an ‘Agent’ with the appropriate permissions. The component is located at:
/atg/rest/userprofiling/AgentLoggedInAccessController

