We would like to create a connection between Eramba and another system. To do this, we need an account that can access the Eramba API. However, according to the documentation, this must be a local account that uses only a username and password for authentication. We classify the information in Eramba as sensitive and consider access using only a username and password to be insecure. Is there a safer way to set up the authentication for this API-account?
Related question: Is it a bug that the field “task_owner” is missing in the API responses on the project achievement page? This field is present on the main project page.
not at this time, all those credentials are inside a tls connection. if calls are made from custom made systems challenging the identity of those calls should not be an issue.
Unfortunately. Do you also have an answer to the second question? If you could add that, we would be able to give the account only the minimum access rights needed. Since that field is missing from that specific page (but is present on different pages), we now have to retrieve the information from the “users” and “groups” pages. However, the API account can only access those pages with full admin rights. We’re not comfortable using a full admin account that’s only secured with a username and password for a web application that is accessible for everyone.
Question: api issues on the project module? i moved that here