By default, API resources/endpoints inherit security settings from the parent API. Define custom ACLs for a specific resource/endpoint to override the inherited settings.

1. Navigate to System Web Services > Scripted REST APIs.
2. Select a scripted REST API.
3. In the Resources related list, select a resource.
4. In the Security tab, select the Requires authentication check box.
   You must select this check box to require an ACL for the resource. If you clear this check box, the resource becomes public and requires no credentials. Clear this check box only if you want to allow unauthenticated requests to access the resource, even if the parent REST service requires an ACL.
5. Select the Requires ACL authorization check box.
6. In the ACL field, select one or more ACLs that meet the security needs for the endpoint. Select only those ACLs that have a Type of REST_Endpoint. Only users who have roles defined in the selected REST_Endpoint type ACL are granted access to this resource.
   Selecting an ACL for a resource overrides any ACLs selected for the parent web service. Leave this field blank to use the ACLs selected for the parent web service.