Hi guys, I have published a REST service and I want to make it secure for production level. I have gone through the basic documentation provided for that – https://docs.mendix.com/refguide/published-rest-service#1-introduction but I still want to know which is the best practice or approach to include security for a published REST service?
Depends a bit on what is exposed and who uses it. I always create a special user role for REST endpoints. Furthermore, with multiple endpoints I also create a settings entity with a boolean for each endpoint so I can limit the account to only let that account use the endpoints where this boolean is set. I check this boolean in the microflow that is triggered by the endpoint. This way you do not expose all the endpoints with that one account.
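The per-endpoint flag check described in the answer above, modelled in Python as an added example (it is not part of the original post and is not Mendix code). The role name `RestApiUser`, the endpoint names and the sample accounts are assumptions made up for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

REST_ROLE = "RestApiUser"  # hypothetical name for the dedicated REST user role

@dataclass
class EndpointSettings:
    # One boolean per published endpoint; everything is off until enabled.
    orders: bool = False
    customers: bool = False
    invoices: bool = False

@dataclass
class Account:
    name: str
    roles: frozenset
    settings: EndpointSettings = field(default_factory=EndpointSettings)

def authorize(account: Optional[Account], endpoint: str) -> int:
    """Return the HTTP status the endpoint should answer with before doing any work."""
    if account is None:
        return 401  # no authenticated caller
    if REST_ROLE not in account.roles:
        return 403  # accounts without the dedicated role never reach REST logic
    # Deny by default: unknown endpoint names and anything that is not
    # literally True (e.g. a dunder attribute) are rejected.
    if getattr(account.settings, endpoint, False) is not True:
        return 403
    return 200

def handle(account: Optional[Account], endpoint: str, operation):
    """Model of the endpoint's microflow: check first, run the logic only on 200."""
    status = authorize(account, endpoint)
    if status != 200:
        return status, None
    return status, operation()

# Constructed sample accounts
partner = Account("partner-a", frozenset({REST_ROLE}), EndpointSettings(orders=True))
employee = Account("employee", frozenset({"User"}), EndpointSettings(orders=True))
```
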