Hello again, people must be getting annoyed with my questions by this point.
I was wondering if it is possible to setup the write API plugin so that a user can only have access to certain routes. Specifically, I am looking to create a user token, that only has the ability to create other users. I have a third party application that someone can login to the forums with and, if they lack an account, create new accounts with.
Due to how the write API functions, or at least from what I can gather, once they have a token they can do anything their user can do. Is there a way to achieve what I am attempting, or perhaps a better method?
P.S. As a side note, and probably something that should be it's own topic, is it possible to login to the API/forums via a token based system? I want a user to be able to login with their username and password then store a token or something similar that will 'keep them logged in' as it were as long as the token is valid. I'd imagine doing this by storing the token, then logging in via the token itself, instead of a username/password.