Best practices for user (role) authentication in generic web services
Hi all, I have a question about the user (role) for the authentication (basic) of the generic web services (changing data between apps to manage personal account info). We now use this same user and web service for all the web services of different customers (which have no account in our app). I am wondering what best practices you use in a similar situation:
1 - Is this okay or is a user account still needed?
2 - Do you make a separate user role for the user of the web service, or do you use an existing user role that has enough rights?
3 - Any other advice?
Thanks
In a previous project, we created a specific user role for web services and a specific one for each different Mendix application. This allows you to strictly set the access of each of the applications to one another.
I think it makes sense to have at least one specific Webservice user role, since you don't want other users to access that functionality.