Authentication not detected on route using expensive APIs

이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

No authentication was detected for an exposed API that makes use of paid third-party services.

A malicious user could abuse this endpoint to incur significant costs, exceed your quota, and potentially disrupt your application.

Rationale

This finding works by:

  • Identifying an API for which Datadog detected no authentication mechanism
  • Is processing traffic from the internet.
  • It was detected using a third-party paid service as a part of its operations. See the list of services that fall in this category.

Remediation

  • Implement authentication to prevent non-intended users’ interaction with the API
  • To improve authentication detection, you can configure custom authentication detection via the Endpoint Tagging Rules settings.