By default, endpoints are public; however, it is possible to set up security on endpoints using access control and access checkers. There are two ways to set up access control mappings. You can specify an access checker that the endpoint will use, or you can set up a configuration file to specify access checkers for a URL and HTTP method.