Hi guys,
If this is sorted elsewhere, sorry, I haven't been able to locate on the forums.
I have a plugin to action some custom API routes, and am using API key authentication.
To enable this, I first needed to enable the "REST API" plugin, which in turn opened many other routes.
To mitigate this, I have imported "RestPaths" and disallowed everything except the custom routes.
However http://localhost:8080/Logs/Today, which does not require authentication, is still working, and shows the Authorization Bearer (API key) ...
Is it possible to completely disable all the default routes, while still allowing custom API plugins? Or is there an alternate way to fix this security hole?
Cheers,
Neil