API endpoints that do not have an authentication mechanism can cause many private data to be leaked by attackers.
API (Application Programming Interface) provides 2 systems to communicate with each other. Each API has a documentation that determine how information can be transferred. APIs use HTTP requests to get information from a webserver or a web application.
Attackers can use your API endpoints by impersonating you and access your private data.
If you have an endpoint that doesn't have any authentication mechanism, set an authentication mechanism immediately.