Monday, 3 May 2021

How do you safely identify a user contacting our API via an intermediary platform?

Our users create orders via an external online platform. This online platform sends our API any orders created by our users. How can we safely ensure that these orders were created by the user the online platform says?

We are investigating sending an authentication challenge for each order received via email/SMS. This could become tiresome for operators creating orders all day though. Is there a better pattern?
