I am working on an online market platform which connects to different partner systems to manage my partners' users. I am not that experienced, so that's why I need some advice AND/OR a better concept for my system.
Problem: My system is connecting with simple web-services to multiple different partner systems (number is increasing), which allows me to create and deactivate users in the partner systems' backend. Right now I am forcing every partner to implement the same REST-API web services (CREATE, DEACTIVATE, DELETE users) on their side so that I can connect to them and manage their users with simple AJAX calls from my frontend (see attached screenshot).
Question 1: -> Every partner has a different system and I would like to make the partner's effort and integration easier. Is there a better way to standardize the integration of all partners to my system since they are all implementing the same web services? If yes, is there a better way to secure the web-services without a lot of effort?
I did some research and came up with some other ideas:
1. Keeping those web-services and securing them with JWT, OAuth or another key-value pair. This could be a bigger implementation for the customer?
2. Using just one single web-service with different parameters to keep it simple
3. Using webhooks instead of web-services?
-> Do you have a better concept? Advantages or disadvantages of those?
Question 2: The REST-API web-services which the partners are implementing are just secured with HTTPS and don't have any other security features. Some new customers could be concerned not just about the implementation effort; they could even be concerned about the security as well.
-> If I keep the concept of forcing partners to implement the mentioned web services, is there a better and easy way to secure the web-services without a lot of effort for them?
I appreciate every suggestion.
Important: Please provide a short description of your concept with your proposal.