Securing a controller in /cc/ folder
SummaryHow can I force a request to the controller to authenticate?
Currently I can create a controller in the /cc/ folder and call it from Postman with no authentication like so:
How can I write this controller so that authentication is required? (using HTTP basic authentication header if possible?)
Am I going about this the wrong way? I need to call out from Oracle Intelligence Advisor (aka OPA) to a controller on Customer Portal, which will then action the POST and do something with the data. I can't leave an unauthenticated POST endpoint exposed to the internet, for obvious reasons.