How to expose a secured API with a sonarqube plugin?

Hi,

I need to develop a Sonar plugin exposing metrics for all projects as an API.

NewController controller = context.createController("api/prometheus");
controller.setDescription("Prometheus Exporter");

controller.createAction("metrics").setHandler((request, response) -> {

    (...)

    controller.done();
}

this endpoint need to be secured to be only accessible to sonar administrators.

Is there an example on how to do this somewhere ?