Hello all,
I have developed an API with Apigility + Oauth2 for a specific client needs and now he would like to resell the tool to others in his industry (white label).
The api reside on a subdomain such as “api.theproject.com”
I ‘am not quite fixed on how to adapt the project, but my first thought would be:
- Clone databases including oauth2 db for each client
- Avoid duplicating business logic files. All clients will ping the same API
- Each client will have their own subdomain {clientkey}.theproject.com
- Load config file from one or the other
- Variable in header request
- Subdomain of the request using $_SERVER data
I will then produce config file {clientkey}.client.php for each client and their specific data. Load the config file as suggest in here Advanced Configuration Tricks - tutorials - Laminas Docs
I will have to adapt all CRON jobs since my client key will not be provided as describe.
Does this make sense?
Am I missing something concerning best practices or security?
Thank you