rest api AML

Is it possible to send body with AML to rest api and get aml response?

I could create a method that accepts string and parse the aml and reply but not sure how that would apply on the rights (trying to get only the items the logged in user can see, not the items that the user under which the method will be called - assuming "credentials" are not forwarded)