Published APIs must use authentication
Check ID
API_0001
Category
Security
Summary
Published APIs (REST, Web Service, OData) can be configured either to require authentication or to allow anonymous access. In most cases, published APIs should enforce authentication. If your case requires an anonymous API, consider using other forms of authentication (e.g. Access Profiles in the Mendix Cloud) or rate limiting (e.g. API management in Azure or AWS) to prevent hackers from accessing your data or damaging your system.
Options
There are no options for this check.
Pass
The 'Requires Authentication' setting of a REST Service, Web Service, or OData Service is set to 'Yes'.
Fail
The 'Requires Authentication' setting of a REST Service, Web Service, or OData Service is set to 'No'.
Last updated