A published web or REST service should not be consumable by everybody (anonymous access). Instead, a dedicated Mendix (web service) user should be created for each consumer of the service. Having a fine-grained user for authentication has the following advantages:
- it is easy to identify which user caused a change in your application (traceability)
- it makes it possible to constrain access on the user (role) level
- it is easy to log the usage of your service and monitor where requests are coming from
For more information, see https://docs.mendix.com/howto/security/best-practices-security#5-applying-authentication-on-services
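The following is an added example, not part of the original page or of Mendix tooling: it shows how one account per consumer makes an access log auditable per consumer. The log format, the account names (`ws_billing`, `ws_reporting`) and the paths are constructed assumptions, not the Mendix runtime's own log format.

```python
import re
from collections import defaultdict

# Constructed sample: "timestamp source-ip user method path status".
# "-" in the user column means the request carried no authenticated user.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 ws_billing GET /rest/orders/v1/orders 200
2024-05-01T10:00:02Z 10.0.0.5 ws_billing POST /rest/orders/v1/orders 201
2024-05-01T10:00:07Z 10.0.0.9 ws_reporting GET /rest/orders/v1/orders 200
2024-05-01T10:00:09Z 203.0.113.7 - GET /rest/orders/v1/orders 200
2024-05-01T10:00:12Z 198.51.100.4 ws_reporting DELETE /rest/orders/v1/orders/17 403
2024-05-01T10:00:15Z 203.0.113.7 - GET /rest/orders/v1/orders 401
"""

LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d{3})$")


def audit(log_text):
    """Return (per-consumer usage, findings) for a service access log."""
    usage = defaultdict(lambda: {"requests": 0, "sources": set(), "denied": 0})
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        _ts, ip, user, method, path, status = m.groups()
        status = int(status)
        if user == "-":
            # An anonymous request that was served means the service is
            # reachable without a per-consumer account.
            if status < 400:
                findings.append(("anonymous-served", user, ip, f"{method} {path}"))
            continue
        entry = usage[user]
        entry["requests"] += 1
        entry["sources"].add(ip)  # where this consumer's requests come from
        if status == 403:
            # Authenticated, but the consumer's role did not allow the call.
            entry["denied"] += 1
            findings.append(("role-denied", user, ip, f"{method} {path}"))
    return dict(usage), findings


if __name__ == "__main__":
    per_user, issues = audit(SAMPLE_LOG)
    for name, stats in sorted(per_user.items()):
        print(name, stats["requests"], sorted(stats["sources"]), stats["denied"])
    for issue in issues:
        print("FINDING", *issue)
```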
Non-compliant example:
Compliant example: