---
title: Unauthenticated route is used to invite users
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Unauthenticated route is used to invite
  users
---

# Unauthenticated route is used to invite users
 
## Description{% #description %}

An unauthenticated API route is being used to handle user invitations, which may expose your application to potential security risks.

A malicious actor could abuse this endpoint to send unauthorized invitations, potentially leading to account enumeration, spamming, or social engineering attacks.

## Remediation{% #remediation %}

- Validate that the code isn't expecting the user to be authenticated to have access to this resource (AuthN). If this API is in fact authenticated, ensure your code is [instrumented correctly](https://docs.datadoghq.com/security/application_security/how-it-works/add-user-info.md).