OAuth is the best way to manage access control.
Discription

WHAT: You need to know what data is being accessed and how it’s being used, so you can make sure that only authorized users are accessing your data in a manner consistent with your security policy. We recommend using JSON Web Tokens (JWT) as the underlying element of your API authentication and authorization strategy. Our JWT Server is more than an out-of-the-box solution for authentication and authorization; it also provides a comprehensive set of tools for managing user identity, including support for multi-factor authentication (MFA)
https://t.co/uJ6o00uJml

Back to Main