Load configuration file from request call (header or subdomain)

Hello all,

I have developed an API with Apigility + Oauth2 for a specific client needs and now he would like to resell the tool to others in his industry (white label).

The api reside on a subdomain such as “api.theproject.com

I ‘am not quite fixed on how to adapt the project, but my first thought would be:

  • Clone databases including oauth2 db for each client
  • Avoid duplicating business logic files. All clients will ping the same API
  • Each client will have their own subdomain {clientkey}.theproject.com
  • Load config file from one or the other
    • Variable in header request
    • Subdomain of the request using $_SERVER data

I will then produce config file {clientkey}.client.php for each client and their specific data. Load the config file as suggest in here Advanced Configuration Tricks - tutorials - Laminas Docs

I will have to adapt all CRON jobs since my client key will not be provided as describe.

Does this make sense?
Am I missing something concerning best practices or security?

Thank you