XML-RPC allows third-party applications to interact with WordPress from outside of WordPress.
These third-party applications can be other blogging platforms, desktop clients, custom-built software, and mobile applications.
So, if you are not using any third-party applications to access the data of your WordPress website, I will recommend you disable it for security reasons.
If you decide to keep it enabled, you may end up losing your website as it can introduce vulnerabilities to your WordPress website.
You can use the below code to disable XML-RPC in WordPress.
/** * Disable XML-RPC in WordPress */ add_filter( 'xmlrpc_enabled', '__return_false' );