Hello.
We are using a single loraserver for multiple companies.
Every company has a separate custom server that communicates with loraserver via MQTT.
Every company server is bound to one application of loraserver.
For security we use MQTT ACL to restrict access per application.
For some operations we need the REST API. I understand that the REST API uses a global JWT token for authorization.
Is it possible to configure per application access for REST API?
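As an added illustration of the per-application MQTT ACL mentioned above (not part of the original post), here is what such a restriction looks like in a Mosquitto ACL file; the broker, user names and application IDs are assumptions, and the topic layout follows the `application/{id}/device/{devEUI}/...` scheme that LoRa App Server publishes on:

```conf
# Assumed: Mosquitto broker, referenced from mosquitto.conf via `acl_file`.
# One MQTT account per company, confined to the topics of its own application ID.
# Uplinks, joins, acks and errors are read-only; the only writable topic is the downlink queue.

# Company A -> application 1 (hypothetical values)
user company-a
topic read application/1/device/+/rx
topic read application/1/device/+/join
topic read application/1/device/+/ack
topic read application/1/device/+/error
topic write application/1/device/+/tx

# Company B -> application 2 (hypothetical values)
user company-b
topic read application/2/device/+/rx
topic read application/2/device/+/join
topic read application/2/device/+/ack
topic read application/2/device/+/error
topic write application/2/device/+/tx

# No entry matches application/<other>/..., so a subscribe to application/# by either
# account delivers nothing and a publish to another application's tx topic is dropped.
```

With `allow_anonymous false` and this file in place, each company server can only see and queue downlinks for devices in its own application, which is exactly the boundary the REST API's account-wide JWT does not enforce.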
This is not (yet) possible, but something I would like to see is an improvement to the way API tokens are generated and validated. Currently the only way is either to generate your own JWT token or to use the /internal/login endpoint to generate a JWT token. Either way, the scope is the user account.
This will require some refactoring, but would make it easier to provide API tokens (using just the web-interface) with a limited scope (e.g. per application).
Interesting, your setup in the original post wasn’t clear to me. Is there a reason you didn’t assign each company an organization and use organization-specific users?