---
title: Authentication not detected on route processing payments
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > OOTB Rules > Authentication not detected on route
  processing payments
---

# Authentication not detected on route processing payments
 
## Description{% #description %}

No authentication was detected for an API that processes payments. Attackers could abuse this endpoint to perform unauthorized actions, carding, or commit fraudulent activities.

## Rationale{% #rationale %}

This finding works by identifying an API that is tracking a payment [business logic event](https://app.datadoghq.com/security/appsec/business-logic) (tags containing the `payment.` prefix) but for which Datadog detected no [authentication mechanism](https://docs.datadoghq.com/security/application_security/api-inventory/#endpoint-authentication).

## Remediation{% #remediation %}

- Implement authentication to prevent non-intended users interaction with the API
- To improve authentication detection, you can configure custom authentication detection via the [Endpoint Tagging Rules](https://app.datadoghq.com/security/configuration/asm/trace-tagging) settings.