There is confusion, not on my part.
You wrote:
"In terms of what I am referring to TheBCMan is passing data out of an app and back in through 3rd party API servers"
To be clear, sorry for all caps but, NO 3RD PARTY SERVER! All 100% JavaScript, all 100% on BC, all good!
I'm only talking about the SOAP XML API, not a REST API, not the open beta API, not the BC apps API, but the old school SOAP XML API, which you can connect to via JavaScript if you want to. There is NO authentication token for the SOAP XML API, just a siteID and username and password.
Just to be clear I am talking about this API:
CatalystCRMWebservice Web Service
and
CatalystEcommerceWebservice Web Service
Here is how to authenticate:
<username>string</username>
<password>string</password>
<siteId>int</siteId>
There is no token required; you are confusing a REST API with the SOAP XML API that has been around for 10+ years.
Secondly, regarding putting credentials in the HTML, every post I did warned of this.
To anyone reading this:
- Liam is confusing a REST API with the SOAP XML API.
- Even if you needed an authentication token (which you do not), it would still be possible to use JavaScript with said token.
- YOU CAN with JavaScript in a BC app (admin area) access the full SOAP XML API. NOTE: You need to put usernames and passwords in the JavaScript, so there is that security consideration.
- YOU CAN access the API with plain old HTML and JS from the front end of the site (in this case ONLY a 3rd party middle man server is needed because I would never put login credentials client side).
- YOU ARE / I AM NOT breaking any rules or guidelines set out by BC or Adobe because you are using plain old JavaScript and HTML.
- Security is my number 1 focus on any project every time. I would not compromise the security of any development work I did for ease of use or a cool idea. I would turn away work before compromising your or my security on a project.
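
The front-end case in the post above keeps the login credentials on a middle-man server. The following is an added example, not part of the original post or of BC's own code, showing how such a server can build the SOAP body so the browser never sees or supplies `username`, `password` or `siteId`. The operation name, the service namespace and the `emailAddress` parameter are hypothetical placeholders.

```javascript
// Added example: server-side construction of the SOAP request body.
// Operation name and service namespace are hypothetical placeholders.
const SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/";
const SERVICE_NS = "http://example.invalid/soap"; // placeholder
const ALLOWED_OPERATIONS = new Set(["Hypothetical_RetrieveContact"]);
const CREDENTIAL_FIELDS = ["username", "password", "siteId"];

// Escape text so a value cannot break out of its XML element.
function xmlEscape(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&apos;");
}

// clientParams comes from the browser; serverCreds is loaded on the server
// (for example from environment variables) and is never sent to the client.
function buildSoapRequest(operation, clientParams, serverCreds) {
  if (!ALLOWED_OPERATIONS.has(operation)) {
    throw new Error("operation not allowed: " + operation);
  }
  const fields = [];
  for (const name of CREDENTIAL_FIELDS) {
    const value = serverCreds[name];
    if (value === undefined || value === "") {
      throw new Error("missing server credential: " + name);
    }
    fields.push([name, value]);
  }
  if (!Number.isInteger(Number(serverCreds.siteId))) {
    throw new Error("siteId must be an integer");
  }
  for (const [name, value] of Object.entries(clientParams)) {
    // Reject any attempt by the client to set or override a credential.
    if (CREDENTIAL_FIELDS.some((c) => c.toLowerCase() === name.toLowerCase())) {
      throw new Error("client may not supply credential field: " + name);
    }
    if (!/^[A-Za-z][A-Za-z0-9]*$/.test(name)) {
      throw new Error("invalid parameter name");
    }
    fields.push([name, value]);
  }
  const body = fields.map(([n, v]) => `<${n}>${xmlEscape(v)}</${n}>`).join("");
  return `<?xml version="1.0" encoding="utf-8"?>` +
    `<soap:Envelope xmlns:soap="${SOAP_ENV}"><soap:Body>` +
    `<${operation} xmlns="${SERVICE_NS}">${body}</${operation}>` +
    `</soap:Body></soap:Envelope>`;
}
```

The server would POST the returned string to the SOAP endpoint and relay only the fields the page needs back to the browser.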