Hi. I'm looking into metadata service auth here and it seems like the REST sink supports auth, while the kafka sink does not. How is this separation implemented from an API perspective? Does kafka hit the metadata service directly on some endpoint that doesn't require auth?