Step 1. Magento\Webapi\Controller\Rest\InputParamsResolver::resolve()
Step 2. Magento\Webapi\Controller\Rest\RequestValidator::validate()
Step 3. Magento\Webapi\Controller\Rest\RequestValidator::checkPermissions()
Step 4. Magento\Framework\Webapi\Authorization::isAllowed()
Step 5.
5.1. For a guest customer:
How is the «resource ref='anonymous
’» webapi.xml
rule handled for a request?
5.2. For a registered customer:
How is the «resource ref='self'
» webapi.xml
rule handled for a request?