We have several public-facing geoprocessing services that allow our application to send emails when certain events are triggered. These services have been running for years without any issues. Recently, however, they’ve started being triggered from outside the application, and the services are running with default parameters. Our initial suspicion is that bots are hitting the service URLs. Has anyone experienced something similar recently or have suggestions on how to obscure or protect the URLs while still allowing the application to access them?
