Prerequisites:
PHP: 5, Laravel: 5.1, MySQL: InnoDB 5.6.34.
Problem:
We built a web API with a single endpoint, "test". Now another endpoint ("health") should be added - this endpoint serves as a health indicator for the API: when we call test.api.com/health?, the respective Controller should make a direct connection to a DB and send two statuses as a response to a user: the status of the API and the status of the DB (data is there, DB is live, everything's fine).
Question:
How secure is it to make such a Controller without an authentication middleware? Or in other words: how secure is it to call an endpoint which connects to a DB without an API key?
Note that the framework can change in the future - probably to Python's Flask, as well as the DB - to PostgreSQL. So even if you don't have expertise in Laravel or MySQL, don't hesitate to give your feedback.
You shouldn't have a problem with this. You're not taking in user input, so you're not prone to any SQL vulnerabilities, if that's what you were thinking. You may want to cache the response for a few seconds so as not to hammer the database server. Optionally, a rate limiter on the API may be a good idea.
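
The caching suggested in the answer above, as an added example that is not part of the original question or answer. It is written in framework-neutral Python because the question mentions a possible move to Flask. The names `CachedHealthCheck` and `make_sqlite_probe` are hypothetical, and SQLite stands in for the MySQL/PostgreSQL connection so the block runs offline.

```python
import sqlite3
import threading
import time


class CachedHealthCheck:
    """Runs a fixed DB probe at most once per `ttl` seconds, whatever the request rate."""

    def __init__(self, probe, ttl=5.0, clock=time.monotonic):
        self._probe = probe      # callable taking no arguments; raises on failure
        self._ttl = ttl
        self._clock = clock      # injectable so the expiry can be tested
        self._lock = threading.Lock()
        self._cached = None
        self._expires = 0.0

    def status(self):
        with self._lock:         # concurrent callers wait for and share one probe
            now = self._clock()
            if self._cached is None or now >= self._expires:
                self._cached = self._run_probe()
                self._expires = now + self._ttl
            return dict(self._cached)

    def _run_probe(self):
        try:
            self._probe()
            db = "ok"
        except Exception:
            # Coarse status only: no driver message, host name or stack trace
            # goes back to an unauthenticated caller.
            db = "down"
        return {"api": "ok", "db": db}


def make_sqlite_probe(conn):
    """Stand-in for the real MySQL/PostgreSQL probe (assumption: SQLite, for offline use)."""
    def probe():
        # Constant statement; nothing from the request reaches the query.
        conn.execute("SELECT 1").fetchone()
    return probe


if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    health = CachedHealthCheck(make_sqlite_probe(conn), ttl=5.0)
    print(health.status())   # first call runs the probe
    print(health.status())   # second call is served from the cache
```

The controller for "health" would return `status()` as its JSON body; a rate limiter, as the answer suggests, sits in front of this and is not shown.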