---
title: Authentication not detected on route using expensive APIs
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Authentication not detected on route
  using expensive APIs
---

# Authentication not detected on route using expensive APIs
 
## Description{% #description %}

No authentication was detected for an exposed API that makes use of paid third-party services.

A malicious user could abuse this endpoint to incur significant costs, exceed your quota, and potentially disrupt your application.

## Rationale{% #rationale %}

This finding works by:

- Identifying an API for which Datadog detected no [authentication mechanism](https://docs.datadoghq.com/security/application_security/api-inventory/#endpoint-authentication)
- Is processing traffic from the internet.
- It was detected using a third-party paid service as a part of its operations. See the [list of services](https://docs.datadoghq.com/security/default_rules/appsec-expensive_apis/#strategy) that fall in this category.

## Remediation{% #remediation %}

- Implement authentication to prevent non-intended users' interaction with the API
- To improve authentication detection, you can configure custom authentication detection via the [Endpoint Tagging Rules](https://app.datadoghq.com/security/configuration/asm/trace-tagging) settings.