Monday, 30 January 2017

Laravel API Project - Design and Authentication

I am tasked with building an external API for customers. Without giving any business data away, the database consists of our entire workflow. Events generated, associated tickets and other information, all distinguishable by customer.

I want to build an API with very simple endpoints. For each table, say tickets for example, I wish to have two endpoints:

/tickets            #will return a list of tickets and general information
/ticket/<ticket_id> #More detailed information about the specific ticket

For any customer that authenticates, these routes will only return those DB records with which they are associated.

I have not written a system like this in Laravel before. Am I correct in understanding that Passport is the way to go? I guess I am asking if there are simpler ways to do authentication of this type securely (is Passport overkill)? If we have a small set of customers, and are fine with setting up their authentication for them, would certificates be a better way to go? Or is OAuth2 so much the industry standard now that not using Passport is a mistake?

If Passport is best, is it better to have the OAuth2 server and application server be separate sites, or can they be combined into one app?

Thanks for any advice.



from Newest questions tagged laravel-5 - Stack Overflow http://ift.tt/2joJTOX
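
The customer-scoping requirement in the question, as an added example that is not part of the original post and not Laravel or Passport code: plain PHP with PDO, where the customer id comes only from the authenticated token and is part of every query. The table names, columns, sample tokens and the `authenticate`/`handle` helpers are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE api_tokens (token_hash TEXT PRIMARY KEY, customer_id INTEGER NOT NULL)');
$db->exec('CREATE TABLE tickets (id INTEGER PRIMARY KEY, customer_id INTEGER NOT NULL, title TEXT, detail TEXT)');
$db->exec("INSERT INTO tickets VALUES (1, 10, 'Printer down', 'Floor 2'), (2, 20, 'Disk full', 'db-01')");
// Only the SHA-256 of each issued token is stored, never the token itself.
$ins = $db->prepare('INSERT INTO api_tokens VALUES (?, ?)');
$ins->execute([hash('sha256', 'sample-token-customer-10'), 10]);
$ins->execute([hash('sha256', 'sample-token-customer-20'), 20]);

// Map an Authorization header to a customer id, or null when the token is unknown.
function authenticate(PDO $db, ?string $header): ?int
{
    if ($header === null || !preg_match('/^Bearer (\S+)$/', $header, $m)) {
        return null;
    }
    $q = $db->prepare('SELECT customer_id FROM api_tokens WHERE token_hash = ?');
    $q->execute([hash('sha256', $m[1])]);
    $id = $q->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Serve the two endpoints; returns [HTTP status, body].
function handle(PDO $db, string $path, ?string $header): array
{
    $customerId = authenticate($db, $header);
    if ($customerId === null) {
        return [401, ['error' => 'unauthenticated']];
    }
    if ($path === '/tickets') {
        $q = $db->prepare('SELECT id, title FROM tickets WHERE customer_id = ?');
        $q->execute([$customerId]);
        return [200, $q->fetchAll(PDO::FETCH_ASSOC)];
    }
    if (preg_match('#^/ticket/(\d+)$#', $path, $m)) {
        // The customer filter is part of the lookup, so a foreign id is just "not found".
        $q = $db->prepare('SELECT id, title, detail FROM tickets WHERE id = ? AND customer_id = ?');
        $q->execute([(int) $m[1], $customerId]);
        $row = $q->fetch(PDO::FETCH_ASSOC);
        return $row ? [200, $row] : [404, ['error' => 'not found']];
    }
    return [404, ['error' => 'not found']];
}

// Customer 10 lists tickets, reads its own ticket, then requests customer 20's ticket.
foreach (['/tickets', '/ticket/1', '/ticket/2'] as $path) {
    echo $path, ' => ', json_encode(handle($db, $path, 'Bearer sample-token-customer-10')), PHP_EOL;
}
```

Returning 404 rather than 403 for another customer's ticket id avoids confirming that the id exists.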