When User raise a request for Access. User's Manager needs to approve the request through email.
The email will have Approve and Reject link as API endpoint URL.
i.e.,
Approve - https://example.com/api/approve,
Reject - https://example.com/api/reject
When Manager clicks either of the link, it hits the endpoint and their response is Captured in Database.
There is Complexity here, for better understanding I will go with example.
If the actual approver manager is AAA@ymail.com, and the user request is send to AAA@ymail.com.
If incase the Actual approver forwards the email to other manager BBB@ymail.com and if he/she approves from the email, then it needs to identified and the response should not be captured in the database.
For your Information,
1. Our Web application is developed in ASP.NET.
2. Manager doesn't have access to UI.
What I have tried:
I had an idea of sending API endpoint URL with TOKEN.
Is it possible to verify the responded user is whether the actual manager or different manager, when the response API endpoint URL is hit???
Looking for an approach to authenticate the authorized user.
Thanks,
Vaithilingam Alagappan