---
title: Hide unused REST endpoints
description: The two main use cases for IDM are data synchronization and user self-service.
component: pingidm
version: 7.5
page_id: pingidm:security-guide:hide-unused-endpoints
canonical_url: https://docs.pingidentity.com/pingidm/7.5/security-guide/hide-unused-endpoints.html
keywords: ["Security", "REST", "Synchronization", "Self-Service", "Endpoints"]
---

# Hide unused REST endpoints

The two main use cases for IDM are data synchronization and user self-service.

If you are using IDM *only* to synchronize data sources, do not expose the server externally. In this case, IDM initiates all connections.

If you are using IDM *only* for user self-service, ensure that the server is behind a firewall or proxy, such as [PingGateway](https://docs.pingidentity.com/pinggateway/). At a minimum, hide the `/admin` endpoint in the web interface via the proxy. Use the [conf/access.json](../auth-guide/authorization-and-roles.html#access-json) file as a guide for proxy or firewall rules.

If you are using IDM for data synchronization *and* user self-service, it is preferable to run two IDM servers or clusters, each with its own security model. Because the two use cases have very different load characteristics and security implications, running them on separate servers can help to prevent synchronization activity from impacting the performance on end-user systems.