I'm making a distributed system for my exam project, but the client has a weird idea when it comes to the webpage, one that we haven't learned about...
If customer A (my client's customer) opens client.com/Customer, an API should be used for customer A's DB data retrieval.
If customer B uses the same site, customer B's API should be used instead...
Any good way to differentiate API update a single API connection by the caller of the website?

  • 0
    Can't you tell who's using the website through some form of authentication? If so, you could assign roles or permissions to each client that allow them to use parts of your api.
  • 0
    @nitnip surely, thing is.. client doesn't want any auth. Whatsoever -.-
  • 0
    @BitByteBoolean maybe by "auth" they just mean having to log in manually. Just passing a token in a header might not feel like "auth" to them.

    You need to have a way to tell your users apart.
  • 0
    @nitnip uh any good resource for me to look at on this token thing, or could you explain? I know it was just "no log in auth" so if it can be done without I guess it is fine 👍👌
  • 0
    It's too broad a subject and I'm no expert. You can implement it in many ways.

    Maybe you need every query to your site/api to have a certain key:value pair in the header.

    Or maybe as a query string value. (/get-customers/?customer_id=1&token=21kjh3jk21h3jk21h3kjh)
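The token idea from the last comment, as an added example that is not part of the thread: each customer gets a secret token, and the server maps it to that customer's backend API. The header name `X-Api-Token`, the token strings and the backend URLs are assumptions made up for illustration.

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import urlsplit, parse_qs


def _digest(token: str) -> str:
    # Store only hashes of tokens, so a leaked table does not leak usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


# Constructed sample data: tokens, customer ids and backend URLs are placeholders.
TENANTS = {
    _digest("token-for-customer-a"): {"customer_id": "1", "api": "https://api-a.example.internal"},
    _digest("token-for-customer-b"): {"customer_id": "2", "api": "https://api-b.example.internal"},
}


def resolve_tenant(url: str, headers: dict) -> Optional[dict]:
    """Return the tenant record for this request, or None to reject it."""
    query = parse_qs(urlsplit(url).query)
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    # Prefer the header: query strings end up in access logs, browser history and Referer.
    token = lowered.get("x-api-token") or (query.get("token") or [""])[0]
    if not token:
        return None
    presented = _digest(token)
    match = None
    for stored, tenant in TENANTS.items():
        # Constant-time comparison; every entry is checked so timing does not depend on position.
        if hmac.compare_digest(stored, presented):
            match = tenant
    if match is None:
        return None
    # customer_id in the URL is only a hint. The token decides whose data is served,
    # so a mismatch means one customer is asking for another customer's data.
    claimed = (query.get("customer_id") or [None])[0]
    if claimed is not None and claimed != match["customer_id"]:
        return None
    return match
```
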