Question: Prevent listing of data by class name

currently you can just curl with APP ID and list contents of a passed class (GET)

Any way to prevent this behaviour for some classes or all unless a masterkey or rest key is present?

thank you

trying to figure out if ACL can be applied
