The doc around the Content Delivery API says this:
Support returning access-controlled and personalized content.
But I can't find any further information. Does anyone know how this is accomplished?
Given that several criteria in Visitor Groups require tracking every visited page, and would likely need information from the client's user agent (which is one level removed from the API call), I'm a little skeptical of this.
Has anyone done it? Does anyone know how it works?