You can specify whether non-interactive sessions require authentication from the
High Security Settings module.
A non-interactive session bypasses the UI to connect to the instance at an API level.
Typically, non-interactive sessions use set protocols such as JSON, SOAP, XSD, or
WSDL. By default, all non-interactive sessions require authentication.
Log in with an administrator user with the security_admin role.
Elevate your privileges to use security_admin.
Select the matching "Requires authorization" option for
the protocol you want to set. For example, Requires authorization for
incoming SOAP requests.
Select the check box to require authentication for the non-interactive session
method. Clear the check box to allow the non-interactive session method to
connect without providing any credentials.
Activating the Non-Interactive Sessions plugin on an existing
system may prevent any existing users that authorize SOAP and WSDL-based
integrations from logging in unless they already have the soap role. See
Updating Web Service User Accounts for Strict Security
manually update existing integration users.