We are attempting to utilize an OData feed from Query on one of our website pages. This has brought up some questions with regard to PCI compliance, given the fact that an account must be specified to log in to the API. PCI compliance states that every individual should have their own user name and password for a given system. In this case, we will obviously be creating a separate account for OData feeds, as we would not be in compliance if we were passing around our own credentials.
It is great that the credentials must be base64 encoded to pass to the API, but this account will now be sitting on a public server where, if it did actually get hacked, that account would have many system roles associated, and a lot of damage could be done by logging into Altru. Given the fact that we need many system roles to access various tables and fields in Query, those would have to be assigned to this OData user account.
Is there any way to obtain a "read-only" connection or system role to utilize within public webpages for OData and/or API feeds?
Customer references: The Strong