Hi,
We have an API as a proxy between web client and Directus.
We learned that we can create a user with a static token to authenticate along with certain IP addresses.
Are there any more suggestions in the community from someone with earlier experience that means better practice?
What is best practice to authenticate from a proxy API?
I’ve done both a forwarded token and a static api token in different deployments.
I tend to use static tokens when I don’t have any users or authorizations in directus itself and handle the authorization in my API.
But sometimes it is nice to get a good revision log in directus, in those cases I tend to create users in directus and connect my own api authentication to directus’ so the revision logs in directus contain changes recorded with the proper user.