Published APIs must use authentication

Check ID
API_0001

Category

Security

Summary

Published APIs (REST, Web Service, OData) can be configured to require authentication or to allow anonymous access. In most cases, published APIs should enforce authentication. If your case requires an anonymous API, consider using other forms of authentication (e.g. Access Profiles in the Mendix Cloud) or rate limiting (e.g. API management in Azure or AWS) to prevent hackers from accessing your data or damaging your system.

Options

There are no options for this check.

Pass

The 'Requires Authentication' setting of a REST Service, Web Service, or OData Service is set to 'Yes'.

Fail

The 'Requires Authentication' setting of a REST Service, Web Service, or OData Service is set to 'No'.
