How to expose a secured API with a sonarqube plugin?


I need to develop a Sonar plugin exposing metrics for all projects as an API.

NewController controller = context.createController("api/prometheus");
controller.setDescription("Prometheus Exporter");

controller.createAction("metrics").setHandler((request, response) -> {



this endpoint need to be secured to be only accessible to sonar administrators.

Is there an example on how to do this somewhere ?