At Woodcore, the security of our users is of utmost importance. We have designed a high-level security system using best-security tools and practices that meet industry standards to help keep your data safe.
To achieve this, we use an Authentication and Authorization process for tenants on your system. Woodcore has three-way access for different users of its system (API, console). This access depends on the system in use.
The Woodcore Approach To Authentication
Woodcore allows you to create a console user or programmatic user access right on the system — thus, all roles and permission applied to any of these users will affect the activities they carry out on the system.
This is primarily for API users. The user has access to Woodcore through APIs only. With programmatic access, the user would not be able to access the console. This access is also role-based, meaning that if you DO NOT have permission to create a customer, your API keys will not be able to create customers.
A user granted API-only (Programmatic access) can only access the roles and permissions assigned to them. For example, the user can only create a client transaction.
See the Generate an API key section for more information on how a programmatic user can generate an API key.
This is specifically for console users. The console access allows the user gain access to the console and carry out operational activities of the console based on the role and permissions set by the organization.
The super access has both programmatic access and console access to the system. This means a user who has super access can access the console and the API. Super access is usually given to a user considered the head or a key stakeholder of the organization.
For security reasons, no one should use superuser access.
In the next section, we will discuss the Woodcore authentication process.
Updated about 1 year ago