Closed chronark closed 2 years ago
I don't think we should couple the auth too tightly with P&F and I would therefore vote for an additional auth service.
This auth service should also handle authorization and billing of API usage.
For a good UX it would also be nice if the user does not need to remember an extra login and could log in via its integration page. Maybe something like an OAuth flow with Shopify/Saleor/Strapi etc.? But this would be something for the far future and should only be considered in the architecture but not implemented yet.
I would also prefer to use something that already exists instead of reinventing the wheel if possible, like Auth0 for example.
Without having read anything in depth about that Zoho service, I would try to stay away from it. If it's anything like the inventory API, we are going to cry a lot.
Audience
@tilman @JannikZed
Summary
The ECI GraphQL endpoint needs authentication. Probably either using JWTs or static tokens.
Detailed design
JWT
Token
The P&F server can send a static auth token.