/**
  * Ensures that the current request is validated for Authentication
  *
  * @return void
  */
 protected function configureApiAccess()
 {
     if (isset($this->settings['auth']) && !$this->settings['auth']) {
         return true;
     }
     if ($this->hasError()) {
         return;
     }
     // Do not require authentication if the request isn't considered API
     if (!$this->request->is('api')) {
         return;
     }
     // If its a public action, do not enforce API security checks
     if (in_array($this->controller->action, $this->publicActions)) {
         return;
     }
     // If the user has a isAuthorizedApi method, call it and don't check anything else
     if (method_exists($this->controller, 'isAuthorizedApi')) {
         if (!$this->controller->isAuthorizedApi()) {
             throw new ForbiddenException('Permission denied');
         }
         return;
     }
     // Do not enforce authentication if the request is already authenticated
     if ($this->controller->Auth && $this->controller->Auth->user()) {
         return;
     }
     // Get the access token, if any
     $token = ApiUtility::getRequestToken($this->request);
     // Deny access if no AccessToken is provided
     if (empty($token)) {
         throw new ForbiddenException('Permission denied, missing access token');
     }
     // Deny access if the AccessToken isn't valid
     if (!$this->controller->Auth->login()) {
         throw new ForbiddenException('Permission denied, invalid access token');
     }
 }