I’m making a custom app that does like a ticket system from branch sites to a central site. This is the scenario:
Site A ———> Site B <——— Site C
A and C are the branch sites, B is the central.
A would click a button that will send post request
to create new ticket doc in B.
In standard frappe scenario, the user in B would give its user’s key/secret to A and C for them to access api in B.
But in my scenario, the A and C should be able to access B without knowing the B’s key/secret beforehand (because B would not know which sites will access so it can’t give the pair to any sites freely).
The A can do this with the /user.generate_keys
api to get B’s secret and /User with api_key field
to get the B’s key.
The same can be done by C to access B.
The problem is when C do the same, the request will generate new secret.
Hence when A want to access B again, the key/secret has changed so A can’t reuse the key/secret pair it already got. A has to generate a new secret again.
Is this generate-new-secret-everytime is the way to do it?
Will it add more burden to B to generate secret everytime (think of many sites instead of just 1 or 2)?
What is the more proper way to do such multi parties scenario?
I’m also thinking of using B user’s usr/pwd to access the B api if this is possible.
I’m using version 12 so there is no streaming module like in v13. Even in v13 the key/secret would be generated by B.
Thank you.