The admin API will be implemented as a separate topology. This will allows for a separate authentication and authentication and authorization from normal topologies/clusters. The admin topology will be called admin. This may conflict with existing customer topologies but that could be addressed by the customer renaming the admin topology.
Sample Topology File
<topology>
<gateway>
....
</gateway>
<service>
<role>ADMIN</role>
</service>
</topology>