Custom API v 4.1, request with entryPoint

Hello friends how are you?
I am working with php curl from a CRM (receiving) where I want to consume data from another CRM on a different server (sending)
I was guided based on the documentation of the API v4.1 but the truth is that it is not very useful for me since in the same way anyone can make a request having the exact path of the file where the code that receives said request is located.
I clarify that I do not understand very well how to use it (API v4.1: API v4.1 :: SuiteCRM Documentation)
My problem is that I can’t find a way to make it work with user authentication correctly if this file is masked with an entryPoint, because it doesn’t get access
Does anyone have any idea how I can achieve a curl request to a file that has an entryPoint and get access to it?

try {
    $curl = curl_init();
    curl_setopt($curl, CURLOPT_URL, '');
    curl_setopt($curl, CURLOPT_POST, 1);
    curl_setopt($curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
    // curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($curl, CURLOPT_HEADER, 1);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 0);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $post);
    $result = curl_exec($curl);
} catch (\Throwable $th) {
    $exception = $th->getMessage();
    throw new Exception($exception);

Another strange thing is that if I add headers to receive at destination, it doesn’t work

$headers = array(
    "Content-Type: application/json",
    "Authorization: Bearer ".$token,

$post is:

$post = array(
    'user_auth' => json_encode($userAuth),
    "module" => 'Accounts', 
    "data" => json_encode($data),
    "input_type" => "JSON",
    "response_type" => "JSON",

$userAuth is:

$userAuth = array(
    'user_name' => 'admin',
    'password' => md5('123123'),

And my recipient destination file is:

if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');

try {
    $_HEADERS = apache_request_headers();
    file_put_contents("custom/response.test.log", print_r($_HEADERS,true)."\n");FILE_APPEND);
    file_put_contents("custom/response.test.log", print_r($_REQUEST,true)."\n");FILE_APPEND);
} catch (\Throwable $th) {
    $exception = $th->getMessage();

My entryPoint is: custom/Extension/application/Ext/EntryPointRegistry/ResponseEntryPoints.php

$entry_point_registry['Response'] = array(
    'file' => 'custom/response.test.php',
    'auth' => true,

if i remove the entryPoint and use the full path it works fine
Although the header thing doesn’t work