# Published APIs must use authentication

<table><thead><tr><th width="138">Check ID</th><th>API_0001</th></tr></thead><tbody><tr><td>Category</td><td>Security</td></tr><tr><td>Summary</td><td>Published APIs (REST, Web Service, OData) can be configured to require authentication, or to be accessed anonymously. In most cases published APIs should always enforce authentication. If your case requires an anonymous API, consider using other forms of authentication (E.g. Access Profiles in the Mendix Cloud) or rate limiting (E.g. API management in Azure or AWS) to prevent hackers from accessing your data or damaging your system.</td></tr><tr><td>Options</td><td>There are no options for this check.</td></tr><tr><td>Pass</td><td>The 'Requires Authentication' setting of a REST Service, Web Service, or OData Service is set to 'Yes'.</td></tr><tr><td>Fail</td><td>The 'Requires Authentication' setting of a REST Service, Web Service, or OData Service is set to 'No'.</td></tr></tbody></table>