The REST endpoints under "/services" are not app-specific even though you put them you $SPLUNK_HOME/etc/apps/yourapp/bin, and they go via Splunk management port (8089 by default). This is somewhat of a problem - while your browser normally connects to http://yoursplunkhost:8000/en-US/app/yourapp, REST API calls go to https://yoursplunkhost:8089/services/yourcustomendpoint. This creates CORS problems unless you properly set HTTP headers in your custom endpoint. And it normally needs authentication, unless you set requireAuthentication = false in the endpoint's stanza in restmap.conf.

There is another way of creating custom endpoints - putting the scripts not in $SPLUNK_HOME/etc/apps/yourapp/bin, but in $SPLUNK_HOME/etc/apps/yourapp/appserver/controllers and defining it in $SPLUNK_HOME/etc/apps/yourapp/default/web.conf. This one goes through http://yoursplunkhost:8080/en-US/custom/yourapp/yourcustomendpoint and picks up the authentication of your browser page IIRC, but you'd better check the exact ways in the documentation.