and then you'd protect that endpoint that updates SpiceDB the same as any other endpoint in your system, which is typically going to be using SpiceDB