You are looking at documentation for an older release. Not what you want? See the current release documentation.
eXo Platform exposes a list of Rest API methods. They are used internally by the deployed components but can also be used by your users.
Depending on your use cases, it could be (highly) recommanded to block the public access to some of them.
/rest/loginhistory/loginhistory/AllUsers : to avoid information disclosure and for performance issue.
/rest/private/loginhistory/loginhistory/AllUsers/* : to avoid information disclosure and for performance issue.
/rest/jcr/repository/collaboration/Trash : to avoid information disclosure.
/rest/ : Avoid rest services discovery.
/portal/rest : Avoid rest services discovery.
The following configuraton examples will allow you to block the previously listed Rest URLs with Apache or Nginx.