How to reflect the API that can be accessed without authorization in the report

[Jack Chai]

When I test a group of APIs, some need authorization to access, and some can access without authorization. How can I reflect these unauthorized APIs in the report as risky APIs?