Force the client to provide authorization

I’ve set my flow service properties permission for “Execute ACL=(Inherited)”. I’ve tested my http client via Developer and was successful. However, I want to protect the flow service by enforcing the http client to provide user credentials. What am I missing?

In case of inherited, if it is called from a parent service, then it will depend upon parent service execute ACL. If you want to enforce user credential, you could create an user defined ACL and set the flow service Execute ACL with the same.

Actually, the reason why it work was because I was using the http client from within wM. If I try to POST it from the browser, it did prompted for credentials. So, I think leaving the ACL as (Inherited) is okay.

If you set the service ACL to Anonymous then the POST browser wouldn’t prompt the credentials.But Anonymous is all at your risk or go with https/certs authentication based: