Description:
In some situations it would be useful for a Morpheus appliance to host an unauthenticated public plugin route/controller endpoint. ATM all endpoints sit behind authentication.
Example use
Customer could use the endpoint to make a custom API accessible by script. It is possible to do this now but requires a login, access the jsessionID cookie and presenting the cookie as if accessing the pages as a browser. This adds some friction in the automation.
Alternatives
- Role permission which requires no authentication would achieve same but present risk
- A plugin provider which allows the customer to extend the api and created additional api endpoints accessed in the normal way with bearer token