disable customer webapi

Plugin/Webapi/Controller/Rest/DisableApi.php

@@ -0,0 +1,32 @@
+<?php
+/**
+ * Copyright © OpenGento, All rights reserved.
+ * See LICENSE bundled with this library for license details.
+ */
+declare(strict_types=1);
+
+namespace Opengento\Hoodoor\Plugin\Webapi\Controller\Rest;
+
+use Magento\Framework\App\RequestInterface;
+use Magento\Framework\Exception\AuthorizationException;
+use Magento\Webapi\Controller\Rest;
+
+class DisableApi
+{
+    public function beforeDispatch(Rest $subject, RequestInterface $request)
+    {
+        $blockedRoutes = [
+            'rest/V1/customers',
+            'rest/all/V1/customers',
+            'rest/default/V1/customers'
+        ];
+
+        $currentPath = $request->getPathInfo();
+
+        foreach ($blockedRoutes as $route) {
+            if (str_contains($currentPath, $route)) {
+                throw new AuthorizationException(__('Access to this API is disabled.'));
+            }
+        }
+    }
+}

Service/JwtManager.php

@@ -7,7 +7,7 @@
 
 namespace Opengento\Hoodoor\Service;
 
-use \Firebase\JWT\JWT;
+use Firebase\JWT\JWT;
 use Firebase\JWT\Key;
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Opengento\Hoodoor\Enum\Config;

etc/di.xml

@@ -13,4 +13,7 @@
                 type="Opengento\Hoodoor\Controller\Account\ForgotPasswordPost" />
     <preference for="Magento\Customer\Controller\Account\Edit"
                 type="Opengento\Hoodoor\Controller\Account\Edit" />
+    <type name="Magento\Webapi\Controller\Rest">
+        <plugin name="hoodoor_disable_customer_webapi" type="Opengento\Hoodoor\Plugin\Webapi\Controller\Rest\DisableApi" />
+    </type>
 </config>