Is there a way to restrict the api methods by role (or user)? I can't see anything (on the method builder, the class, or even the API file) but a manual check.
As a workaround, we use qr.Session.Principal.IsInRole inside every method, but I search for a more configurable (and reportable) solution.