How do i create Custom REST API Endpoint?

Pimcore Documentation suggest extending FrontendController while creating custom REST API endpoint but no implementation of methods like checkPermission and adminJson is found on FrontendController.

How do i check the user has neccessary permission to access the dataobject ?

You could also use the AbstractRestController, which extends from the AdminController, which includes methods like checkPermission or adminJson.

does using checkPermission expects the url to have apiKey as well ? If yes, how to pass the apiKey when making a request via ajax in ExtJS ?

Append ?apikey=[API-KEY] to your request url. See: https://pimcore.com/docs/5.x/Development_Documentation/Web_Services/index.html#page_Available-Calls

I mean is there any pimcore helpers to fetch the logged in user apiKey in ExtJS.

Talking about my usecase, i extended the dataobjects and added CSV import functionality in Objects relation (see image)

After the user uploads the csv file, it will send a ajax request to the endpoint, the responsible controller will find the dataobjects (if found) and passes back. So, i want to check whether the user has necessary roles and permission for the objects or not.

Do you think it is necessary to check for the permission ? If yes, How do you suggest that i should proceed ?