mlandauer / cuttlefish

Transactional email server with a lovely web interface
http://cuttlefish.io

Using smtp_password as authentication for API #316

Open mlandauer opened 6 years ago

mlandauer commented 6 years ago

Currently with the smtp username and password you can send an email for a particular app. This is a way to separate the authentication credentials for different apps from each other. All well and good.

With the aim of replacing the current admin interface with one that uses the graphql api on the backend we do authentication via an api token that is tied to the administrator.

However, it would make sense for an app to have access to the api in a way that is scoped the same as the permissions for sending an email via smtp.

So, it would make sense that we allow api access via the same credentials that are used for SMTP and only allow the api in that case to access the one app.

mlandauer commented 6 years ago

Then, also the smtp server can use the smtp credentials to access the graphql api and use that to send the email. That way the smtp server requires no "special" access to the graphql api. It's just acting on behalf of the app that's sending the email via smtp.
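A sketch of the scoping proposed in this issue, added here as an example and not taken from Cuttlefish's code: an admin API token resolves to a principal that can reach every app, while an app's SMTP credentials resolve to a principal limited to that one app. All names (`App`, `Principal`, `authenticate`, `create_email`) and the sample credentials are hypothetical and constructed for illustration.

```ruby
require "digest"

# Constructed sample data; hypothetical, not Cuttlefish's schema.
App = Struct.new(:id, :smtp_username, :smtp_password)
APPS = [
  App.new(1, "app_one", "s3cret-one"),
  App.new(2, "app_two", "s3cret-two")
].freeze
ADMIN_TOKENS = ["admin-token-constructed"].freeze

# What a caller may touch: every app (admin) or exactly one app.
Principal = Struct.new(:kind, :app_id) do
  def can_access?(app_id)
    kind == :admin || (kind == :app && self.app_id == app_id)
  end
end

# Compare fixed-length digests without an early exit, so a mismatch
# does not reveal how many leading bytes of the secret were correct.
def secure_equal?(a, b)
  x = Digest::SHA256.digest(a).bytes
  y = Digest::SHA256.digest(b).bytes
  x.zip(y).reduce(0) { |acc, (p, q)| acc | (p ^ q) }.zero?
end

# Resolve credentials to a principal; nil means unauthenticated (deny by default).
def authenticate(api_token: nil, smtp_username: nil, smtp_password: nil)
  if api_token
    match = ADMIN_TOKENS.find { |t| secure_equal?(t, api_token) }
    return match && Principal.new(:admin, nil)
  end
  return nil unless smtp_username && smtp_password
  app = APPS.find { |a| a.smtp_username == smtp_username }
  # Still run the comparison for an unknown username so both paths do similar work.
  ok = secure_equal?(app ? app.smtp_password : "", smtp_password) && !app.nil?
  ok ? Principal.new(:app, app.id) : nil
end

# The API operation enforces scope regardless of caller. An SMTP front end would
# pass the client's own SMTP credentials through and receive the same app-level
# scope, so it holds no privileged API access of its own.
def create_email(principal, app_id:, to:)
  raise SecurityError, "not authenticated" if principal.nil?
  raise SecurityError, "app #{app_id} out of scope" unless principal.can_access?(app_id)
  { app_id: app_id, to: to, status: "queued" }
end
```

The scope check lives in the API operation, so the same rule applies whether the request arrives directly or through the SMTP server.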