Two years ago I posted about creating a web service, and decided to add the web service (API) to an existing NT app. This has worked very well. I store user credentials in a tps file with the password stored as a salted hash. Authentication is done with code in the WebHandler Authenticate method. Users can log into the NT app and use the API, all with the same login and password.
I have a user who now wants to create their own program using R-Code, to send data to the NT App via the API. Here is a sample of their R-code:
response <- POST(url=paste0(host,path),
Using their username and password, they successfully add data to the NT app. There won't be any user interface involved, just their R-Code running from another app they created, to send data to my NT App via the included API (Web Service). However, the user has a concern about "hardcoding" their username and password into the R-code they created. I have the following questions:
1. Is this a valid concern, coding the username and password in their R-code?
2. Is this technique, using a username and password to access a web service/API, the preferred way?
3. I use another unrelated API, where I send a key/code to the API. It does not involve a username and password. I'm not sure how or if this can be done with a NT API/Web Service. Can this be done in NT? If it can, is it a better way to authenticate?