Hello all,
I’m not sure if this even logical to have a limited Basic authentication for the username and password as just to read-only and another account for POST and GET ?
You might have better control of this via some sort of middleware API that authorizes certain endpoints/verbs based on credentials and not others.
I agree with @Aaron_Moreng. I’m not sure this is best managed within Epicor. I’d use a 3rd party service.
Thanks @Aaron_Moreng and @chaddb for the input, really appreciated. Would you mind sharing which 3rd party? or is it confidential information?