Elastic APM agents can send unauthenticated (anonymous) events to the APM Server. This is useful for agents that run on clients, like the Real User Monitoring (RUM) agent running in a browser, or the iOS/Swift agent running in a user application. Incoming requests are considered to be anonymous if no authentication token can be extracted from the incoming request. By default, these anonymous requests are rejected and an authentication error is returned.
Because anyone can send anonymous events to the APM Server,
additional configuration variables are available to rate limit the number anonymous events the APM Server processes;
throughput is equal to the
rate_limit.ip_limit times the
See Anonymous authentication for a complete list of options and a sample configuration file.