---
title: Unauthenticated route processes payments
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Unauthenticated route processes
  payments
---

# Unauthenticated route processes payments
 
## Description{% #description %}

Unauthenticated users have access to an API that's processing payments. Attackers can abuse this endpoint to perform unauthorized actions, carding, or commit fraudulent activities.

## Rationale{% #rationale %}

This finding works by identifying an API that is tracking a payment [business logic event](https://app.datadoghq.com/security/appsec/business-logic) (tags containing the `payment.` prefix) but lacks an [authentication mechanism](https://docs.datadoghq.com/security/application_security/api-inventory/#endpoint-authentication).

## Remediation{% #remediation %}

- Implement authentication to prevent non-intended users interaction with the API