More Secure Authentication for XProtect API Gateway

We currently use the API Gateway with a basic user in the Administrator role and grant_type=password to get a bearer token for API calls.

This approach feels outdated and risky (handling passwords, full admin rights).

Is there a more modern or secure method available - or planned - for XProtect? Ideally something that supports Windows domain users and Kerberos, since we’re in an AD environment.

Is there already any other option or is Milestone planning improvements beyond ROPC and basic accounts? Any examples or best practice guidance would be appreciated.

There is support for “External identity provider support (OIDC) SSO”. I have an idea that this might be the answer. Try to see the OAuth Login Flow sample.