RESTFul User Registration: Should a RESTFul POST call to my server must be authenticated as well?

And if it has to be authenticated, how can I authenticate it since user has not registered with my site yet?

Details: I'm trying to write a client for mobile device (Symbian) that has to deal with registering the user with my site. Based on my the knowledge that I have gained so far about REST, is that all HTTP requests must be authenticated. But in case of registration, I don't have any user details in 开发者_C百科my backend. How does one deal with this situation?

Following is a snippet from the rough design I have in my textmate:

- Resource: UsersResource
- URL: /users
- Who can invoke?: ALL
- HTTP METHOD: POST
- Representation:
    -- MediatType: ProtoBuf
    -- Request:             
        {
                user_id
                passphrase
                full_name
                email_address
                optional home_address
                optional activation_code 
                optional locale
                optional timezone
                optional security_question
                optional security_answer
        }

Sorry, this may sound like a very stupid question but I searched on Internet for hours together and did not find any specific answer. The closest I found was that "image-text" challenge, where the server sends an image with human readable text and ask registrar to enter them before sending it to server. But I guess that is done to avoid spammers from creating fake registrations/accounts on server.

Any suggestions/inputs, welcome.

Thanks for reading my question.

No all requests do not need to be authenticated.

What you have probably heard people say is that if you are accessing secured resources then you must send authentication on every request. You cannot rely on the server maintaining some session state that indicates that the user has already authenticated on a previous request.

This means you are free to access unsecured resources without any form of authentication.