Skip to content

All API Endpoints Require Authentication

  • Status: Accepted
  • Deciders: brishe
  • Date: 2024-11-10

Context and Problem Statement

Without authentication APIs would potentially be open to any application or user making requests. This may pose a security threat and break best practice of least access required.

Considered Options

  • Require authentication for all APIs
  • Allow anonymous access for APIs

Decision Outcome

Chosen option: "Require authentication for all APIs", because We determined that at this point there should be no use cases for anonymous APIs defined within API management, so all endpoints will require authentication. If a valid use case presents itself in the future, we will revisit and reevaluate this decision.