How to define all allowed actions for API endpoints?

There is a service to inject config directly