Lodata does not wrap the API in authentication by default to get the developer up and running fast, but it's easy to add.
The OData standard is light on recommendations (opens new window) for authentication, as theoretically any HTTP authentication type could be supported by the producer as long as the consumer understands it.
The only authentication type the OData standard does recommend is HTTP Basic (opens new window), and there's support in many consumers for this.
If you've exported the configuration you can add basic authentication to all
Lodata endpoints by modifying
auth.basic in the array of middleware:
... /* * An array of middleware to be included when processing an OData request. Common middleware used would be to handle JWT authentication, or adding CORS headers. */ 'middleware' => ['auth.basic'], ...