...
Add this requirement at the end point endpoint security block to bypass the authentication requirement all end points endpoints implicitly have. This requirement does not need any additional metadata.
...
Why did we add this security block to the end point endpoint instead of a route segment or input entity field?
Remember, requirements are executed in collections at 3 different levels (endpoint, route, and input fields). In order for a collection to pass at least one requirement in the collection must succeed. The framework always adds the a requirement at the end point endpoint level that requires authentication. Also, all collections must pass their requirements. Lets Let's assume we are an anonymous user attempting to call the end pointendpoint.
If we add no additional security metadata all end points endpoints will have security that looks like this:
...
The authentication requirement will fail, the end point endpoint grouping will fail, and therefore the request will not be allowed to execute.
...
When we add the security block to the end point endpoint level we have:
| Collection Name | Requirements | Result |
|---|---|---|
| Endpoint | Require Authentication, Allow Anonymous | Require Authentication fails but Allow Anonymous passes, so this entire collection passes. |
| Route | None | Pass |
| Input Fields | None | Pass |
...