Also… you have set GET request, but the backend endoint seem to be set as POST (however ,actually you don’t see the option to switch to GET because public is unchecked like @adamhholmes said)
Yes, public with authentication is generally fine.
However, people don’t really understand what ‘authentication’ means in a Bubble context.
Anyone with an admin API key can use a BE workflow that requires authentication. However, any logged in user can also do this.
I’ll say that again: Any backend workflow that is public, even if it requires authentication, can be run by any logged in user. This will be constrained by the privacy rules of the user that made the request. Be very mindful of which endpoints you make public, and be sure that you’re fine with any logged in user being able to call that endpoint because depending on its contents, that could lead to dangerous behaviour / exploits.