Is there a way to restrict the user from directly visiting the JSON link? or For example authenticate the user before returning the JSON response? Thanks
Fess controls search results for users with Role/Group.
If you want to restrict a response, it is better to put Apache/nginx before Fess.