public IActionResult ProcessTransaction([FromForm, FromBody] TransactionData data) { var userName = User?.Identity?.Name; if (userName == null) { return(NotFound()); } if (!Request.Headers.ContainsKey("App-Auth") || !_apps.IsThisUsersAppKey(userName, Request.Headers["App-Auth"])) { return(NotFound()); // endpoint will be masked, so Unauthorized() is an additional info we don't want to share } return(Accepted()); }