by MichaelGG 3079 days ago
What is the client? OP says API which sounds more machine to machine. If you mean the API powering a site, used from the client's browser, then sure. Track separate logins, then give them a control panel to see where they're logged in.

But most clients store their user/pass in their browser anyways so I'm not sure it's a security win for preventing credential loss.

You don't lose re-auth. The master system issuing API keys can revoke keys, too.

But anyways maybe we're talking about different contexts because I don't understand the scenario you're describing.


I see. I read "Rest API" as securing the server portion with no implication that it meant only server to server. Cheers!