Hi Marcian,
When you set Published Rest to use a Custom autentication, you have to Validate the Data all by yourself in your MicroFlow;
Lets say you have a Entity with “Allowed” Consumers,
The consumers will pass a header with user and password base64Encoded like
Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
Within you Microflow you can analise this datas
Than you can Retrieve and compare the data passed by in Header ou Parameters, and decide if the request is valid or Not;
WS Security
Pseudo Microflow
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization
Regarts