Using Pega from a custom frontend via APIs
Hello guys,
We were trying out the following setup:
use Pega as a backend only from a custom frontend.
The issues we have encountered that do not really make this possible:
- the ootb pega rest api requires basic authentication on all endpoints and provides no way (we could not find) to handle sessions. This does not make it possible to call it solely from a client only. A server is needed between pega and the frontend to make it secure (eg. handle sessions).
- the pega api rules are marked as final api. This does not allow easily adding CORS headers to the responses. This also requires the proxy server previously mentioned between pega and the frontend.
- the apis run with a specific access group. How should we provide api access to different access groups?
Additional question:
- how would users that use external authentication call pega apis?
Thanks!