USER Management API Best practices.

Not applicable


I want to know the best practices followed for User Management APIs like Forgot username, forgot password, change security questions and answers and change password etc,

first of all, can we expose these services as APIs. or can be controlled only at enterprise like login service.

I saw in many APIGEE videos. login page is exposed from Enterprise IDP. and Authorisation done from APIGEE. So in this case if we display the enterprise login page to the end users to login,, we cant keep any other user management apis references in the login page. because those api's user journey is managed by consumer application.

what is the best way to handle these use cases. especially in the case where forgot username and password links should present in the login page.



0 0 256