WP_REST_Response|WP_HTTP_Response|WP_Error|mixed $response, array $handler, WP_REST_Request $request )
Filters the response before executing any REST API callbacks.
Allows plugins to perform additional validation after a request is initialized and matched to a registered route, but before it is executed.
Note that this filter will not be called for requests that fail to authenticate or match to a registered route.
Result to send to the client.
Usually a WP_REST_Response or WP_Error.
Route handler used for the request.
Request used to generate the response.
View all references
$response = apply_filters( 'rest_request_before_callbacks', $response, $handler, $request );
Here is the code I have used to authenticate each request and limit route access using allowed routes set in an array