
No Authentication (none)

Use this auth mode only for intentionally open routes where caller identity is not required.

What this method does

  • Profile auth check is skipped, but profile-level access controls still apply.
  • X-Client-ID and X-Profile-ID are still used for profile/policy context.

When to use

  • Public metadata/health/info routes
  • Controlled internal routes behind trusted network boundaries
  • Temporary transition phases with strict policy controls

How to configure safely

  1. Set auth type to none on a restricted profile.
  2. Limit route scope to the minimum required endpoints.
  3. Enforce method and IP restrictions.
  4. Apply strict rate and quota policies.

Verify

  • 403: access/profile/IP denial
  • 405: method denied by profile
  • 429: rate or quota limit exceeded

401 is generally not expected for none auth paths unless another auth layer is in front.
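
The following is an added illustrative model, not the product's own code or configuration schema, of how the controls from "How to configure safely" map to the status codes listed under "Verify". The profile field names, the order of the checks, the 403 for an out-of-scope route, and rate limiting keyed on source IP are all assumptions made for the example.

```python
import ipaddress
import time
from collections import defaultdict, deque

# Constructed sample profile; field names are assumptions, not the product's schema.
PROFILE = {
    "auth_type": "none",
    "routes": {"/health", "/info"},                    # step 2: minimum route scope
    "methods": {"GET", "HEAD"},                        # step 3: method restriction
    "allowed_cidrs": ["10.0.0.0/8", "192.0.2.0/24"],   # step 3: IP restriction
    "rate_limit": 3,                                   # step 4: requests per window
    "window_seconds": 60,
}

_hits = defaultdict(deque)  # source IP -> timestamps of recently allowed requests


def decide(profile, method, path, source_ip, now=None):
    """Return the HTTP status this model assigns to one request."""
    now = time.monotonic() if now is None else now
    # With auth type none the credential check is skipped, so no 401 is produced here.
    if path not in profile["routes"]:
        return 403  # route outside the profile's scope: access/profile denial
    if method.upper() not in profile["methods"]:
        return 405  # method denied by profile
    addr = ipaddress.ip_address(source_ip)
    if not any(addr in ipaddress.ip_network(c) for c in profile["allowed_cidrs"]):
        return 403  # IP denial
    window = _hits[source_ip]
    while window and now - window[0] >= profile["window_seconds"]:
        window.popleft()  # drop hits that fell out of the sliding window
    if len(window) >= profile["rate_limit"]:
        return 429  # rate limit exceeded
    window.append(now)
    return 200


def reset():
    """Clear rate-limit state, for example between test runs."""
    _hits.clear()
```
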

Troubleshoot

  • Unexpected anonymous access: check profile/collection bindings.
  • Unexpected 403: check IP/method restrictions and policy scope.
  • Unexpected 429: tune limits for the intended public traffic pattern.