Security

TBD: Restricting access to the REST API endpoints