The Loginapp REST API must be protected by Airlock Gateway. Never allow direct access to the Loginapp REST API from untrusted networks.
The Airlock Gateway mapping configuration is described in Airlock Gateway for Airlock IAM configuration.
The Denied Access URL has to be configured as described in Loginapp UI configuration for authentication and authorization flows.