Every REST endpoint, as it is implemented now, is secured by default. I had not thought of a scenario where internal OFBiz services will need to be invoked without authentication (externally)
Yes, the services themselves can be specified to NOT require auth but I had always thought that was applicable within internal execution. I may be wrong here, so please correct me. auth and login-required are not taken into account yet, but can certainly be, if some exportable services should be exposed as public APIs. Best Regards, Girish Vasmatkar HotWax Systems On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker <h.bak...@antwebsystems.com> wrote: > Hi, Girish, > > thanks again for your last reply it defenity helped, however i have > another question. > > I need to access certain services publicly without a token. > > I have put auth="false" on the service definition and > login-required="false" on the simple-method implementation > > still i get a 401 response. > > any suggestions? > > Regards, > > Hans > >