Of course, for security terms another approach it will be implemented like create an APP_ID and APP_SECRET to get an access token or something like that, in the current example credentials are returned to show the result but I think in a real implementation using a token approach it will be enough to handle the database connections under the hood.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Great article. In terms of security, I would not expose the DB credentials of a tenant on the API. At least not unencrypted.
Would like to see, what ideas you got in terms of security. :)
Of course, for security terms another approach it will be implemented like create an APP_ID and APP_SECRET to get an access token or something like that, in the current example credentials are returned to show the result but I think in a real implementation using a token approach it will be enough to handle the database connections under the hood.