Hi,
We're mainly using dotCMS as a headless CMS with a custom REST API (plugin) disclosing certain data to the frontend apps/systems.
This itself works fine, but now I have to implement user management, accounts and permissions and was hoping some of you have some suggestions about best practice.
Going over this article (https://dotcms.com/docs/latest/user-management), I understand the difference between backend and frontend users in a non-headless CMS scenario, but am I correct to think that in my case (headless with API) all user accounts would need to be backend users?
And once a user has authenticated, is there a default way to have that user add a token to any future requests to the API (like a session) so he doesn't constantly have to pass his credentials?
If anyone has any suggestions about best practices, that would be much appreciated.
Thanks
Arjen