# How it Works The entry point of the ACL feature is the SC declaration. As the vision claims to enable the SC to have extra capabilities, the first step is to declare inside the code block that an instance of ACL is required. Having the commented line `// ACL` as top-level code is mandatory to achieve this. Input declaration and `if(ACL)` statements are also required inside the block body to properly use this API (see [Syntax & Smart Contract requirements](/access-control-layer/syntax-and-smart-contract-requirements.md)). The system will resolve the `if(ACL)`statement and any instruction inside every time a request hits the storage endpoint, or any endpoint that results in a block (i.e., "storage," "block," "timestamp," "height"), the ACL runtime is triggered. First, the node will find the original block where the current SC is declared. After checking the existence of the `// ACL` top comment in the case of SC declarations or in the parent SC when invocation calls, execution will proceed to create a shallow copy of the original returning block. The copied block is now ready for a morphologic reconfiguration, where, in a sandboxed environment, it will safely execute itself, looking for the condition `if (ACL)` to see if exposes any errors or throw's exceptions. Every exception will quit the sandboxed runtime returning a custom JSON value. This sandboxed execution will input, as a JSON object payload, the request headers, query parameter fields, path, and JWT tokens provided in it. Last but not least, the execution is done with a global variable `ACL=true`. After all, the node enters a selection process where it verifies: 1. Original block integrity. 2. `if(ACL){}` code execution results. **"Handle Exceptions"** During execution, smart contract runtime exceptions are treated as ACL failures and will display the original block with dedicated messages. Smart contract "*execution exceptions"* are handled as responses and will be separated into *"instances of Error"* or *"String-type exceptions"*. The first ones will also be treated as ACL failures and will display the original block with dedicated messages exposing failure details. On the other hand, String-type exceptions will be parsed back as responses and returned to the client following the instructions specified in the original block. If this execution runs without concluding in any exceptions, the middleware functionality is passed, resulting in a normal API interaction. In other words, no exceptions during the ACL execution context mean that blocks and storage data are fully public. (see the [Examples](broken://pages/sTs7QW6ofSkh7OGbDcFm) & Usage implementations ). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.nxtfi.org/access-control-layer/how-it-works.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.