Added the possibility to enable/disable REST APIs

src/User/Controller/api/v1/AdminController.php

@@ -139,6 +139,10 @@ class AdminController extends ActiveController
      */
     public function checkAccess($action, $model = null, $params = [])
     {
+        // Check if the REST APIs are enabled
+        if (!$this->module->enableRestApi) {
+            throw new NotFoundHttpException(Yii::t('usuario', 'The requested page does not exist.'));
+        }
         // Access for admins only
         if (!Yii::$app->user->can('admin')) {
             throw new ForbiddenHttpException(Yii::t('usuario', 'User does not have sufficient permissions.'));

src/User/Module.php

@@ -249,6 +249,10 @@ class Module extends BaseModule
         'digit' => 1,
         'upper' => 1,
     ];
+    /**
+     * @var boolean Whether to enable REST APIs.
+     */
+    public $enableRestApi = false;
     /**
      * @var string Which class to use as authenticator for REST API.
      * Possible values: `HttpBasicAuth`, `HttpBearerAuth` or `QueryParamAuth`.