Authentication not detected on route using expensive APIs

Description

No authentication was detected for an exposed API that makes use of paid third-party services.

A malicious user could abuse this endpoint to incur significant costs, exceed your quota, and potentially disrupt your application.

Rationale

This finding works by:

  • Identifying an API for which Datadog detected no authentication mechanism
  • Confirming that the API is processing traffic from the internet
  • Detecting that the API uses a third-party paid service as part of its operations. See the list of services that fall in this category.

Remediation

  • Implement authentication to prevent unintended users from interacting with the API
  • To improve authentication detection, you can configure custom authentication detection via the Endpoint Tagging Rules settings.
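As an added illustration that is not part of Datadog's finding text, the following Python gateway enforces the remediation above: a bearer-token check in front of a handler that calls a paid service, plus a per-principal spend cap so that even valid credentials bound the worst-case bill. The token store, budget values and fake_paid_service are constructed for this example.

```python
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

# Constructed sample credential store: token -> principal name.
# A real deployment would resolve tokens via an identity provider.
VALID_TOKENS = {"tok-alice-0001": "alice", "tok-bob-0002": "bob"}

# Assumed per-principal budget and per-call cost, in arbitrary cost units.
DAILY_BUDGET = 3.0
COST_PER_CALL = 1.0


def authenticate(headers: Dict[str, str]) -> Optional[str]:
    """Return the principal for a valid bearer token, or None if unauthenticated."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    presented = auth[len("Bearer "):].encode("utf-8")
    # Constant-time comparison against each known token avoids leaking
    # how much of a guess matched through timing differences.
    for token, principal in VALID_TOKENS.items():
        if hmac.compare_digest(presented, token.encode("utf-8")):
            return principal
    return None


@dataclass
class Gateway:
    """Guards a handler whose work is billed by a third-party service."""
    paid_service: Callable[[str], str]
    spent: Dict[str, float] = field(default_factory=dict)
    calls: int = 0  # number of times the paid service was actually invoked

    def handle(self, headers: Dict[str, str], query: str) -> Tuple[int, str]:
        principal = authenticate(headers)
        if principal is None:
            # Reject before any billable work happens.
            return 401, "authentication required"
        if self.spent.get(principal, 0.0) + COST_PER_CALL > DAILY_BUDGET:
            # Authenticated callers are capped too, bounding the spend any one account can cause.
            return 429, "budget exhausted"
        self.spent[principal] = self.spent.get(principal, 0.0) + COST_PER_CALL
        self.calls += 1
        return 200, self.paid_service(query)


def fake_paid_service(query: str) -> str:
    """Constructed stand-in for a metered third-party API call."""
    return f"translated:{query}"
```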