We are currently building HRIS automation capabilties over the Adaxes API and it works quite well.
The main issue we have is that Adaxes API works with simple username and password authentication. Which is unsage and against our zero password policy.
The web UI is authenticated with SAML currently, and that's perfect for us.
Regarding the REST API, is there a way to improve the security by moving to one of those option (sorted from the most prefered one to the least one):
- OAuth2 via the web UI
- Certificate Based Authentication