Secure published REST service in Mendix

Hi Guys, I have published a REST service and I want to make it secure for production level. I have gone through the basic documentation provided for that, but I still want to know which is the best practice or approach to include security for a published REST service?
1 answer

Depends a bit on what is exposed and who uses it. I always create a special user role for REST endpoints. Furthermore, with multiple endpoints I also create a settings entity with a boolean for each endpoint, so I can limit the account to only use the endpoints where this boolean is set. I check this boolean in the microflow that is triggered by the endpoint. This way you do not expose all the endpoints with that one account.