Agent Network Best Practices
has-authentication-policy
Guidance
This rule validates that each API instance has at least one authentication policy applied from the standard set of supported authentication mechanisms. Authentication policies protect API endpoints from unauthorized access and restrict interaction to verified clients. Without an authentication policy, an API is exposed to security breaches, data leaks, and unauthorized usage that compromise system integrity and violate compliance requirements. The rule checks for common authentication policy types, including LDAP, HTTP Basic, Client ID Enforcement, IP Allowlist/Blocklist, OAuth2, and OpenID Connect implementations. This validation applies to API instances deployed on the Anypoint Platform. All production APIs must have security controls in place before deployment.
Message
The API instance has no authentication policy applied
Applies to APIInstance