When and Why to Use External Users Instead of Regular Users
In RCOM Gateway, user management is designed for flexibility, to support not just your internal operators and engineers, but also vendors, customers, and third-party systems that need controlled access to your data and APIs.
While standard users access the RCOM Gateway through its web interface with roles, permissions, and dashboards, External Users are purpose-built for secure, API-only interactions.
So, if you’re wondering “Why not just create a normal user?” The answer lies in security, isolation, and control.
What Are External Users?
An External User in RCOM Gateway is a lightweight account that authenticates exclusively through REST API calls.
These users do not log in to the Gateway interface. Instead, they use Basic Authentication (username and password) to push or pull data through specific API routes that you assign to them.
For example:
A logistics vendor might need to submit shipment updates via /RCOMENDPOINTAPI/pallets/receive.
Instead of giving them full platform access, you simply create an External User, assign this one endpoint, and they can securely send data — nothing more.
Why Not Just Create a Normal User?
Creating a standard user works fine for people inside your organization, but it introduces unnecessary risk when shared with external systems.
Here’s why External Users are the smarter choice:
1. Interface Isolation — No UI Access
Regular users can log in, view dashboards, and explore modules.
External users cannot. They interact strictly via API calls, eliminating any chance of unwanted UI exposure or configuration changes.
2. Tight API-Level Permissions
When you create an external user, you explicitly assign the API endpoints they can use, nothing beyond that.
This limits integration access to a specific data flow rather than the entire platform, preventing misuse or accidental modification of unrelated data.
Example:
vendor_shipment→ allowed only on/api/shipments/inboundiot_bridge→ allowed only on/api/device/readings
If they try to call any other route, the request is automatically rejected.
3. No Role/Group Complexity
Internal users require careful mapping of Roles (what they can do) and Access Groups (where they can do it).
External users skip this layer entirely; they’re lightweight, direct, and purpose-specific.
That makes them ideal for integrations, IoT connectors, or automated scripts that don’t need dashboards or workflow access.
4. Auditability and Security Separation
Each External User has unique credentials and API access logs.
You can easily monitor when and how they interact with the Gateway, and revoke credentials instantly without affecting internal accounts.
This ensures compliance and clean traceability, especially in multi-partner ecosystems.
5. Ideal for Vendor, Partner, and Machine-to-Machine Integrations
External Users are best suited for:
- Vendors submitting data directly to your
RCOM Gateway - Partner systems that need controlled write access
- API-driven applications (e.g., mobile, warehouse robots)
They act as a secure handshake point between RCOM Gateway and the outside world, without opening your main system doors.
Benefits at a Glance
| Scenario | Regular User | External User |
|---|---|---|
| UI Access | ✅ Yes | ❌ No |
| API Access | ✅ (all endpoints, via role) | ✅ (only assigned endpoints) |
| Access Groups / Roles | Required | Not required |
| Audit Scope | Full activity logging | Endpoint-specific logging |
| Best For | Internal operators, admins, developers | Vendors, APIs, integrations |
In Summary
External Users in RCOM Gateway aren’t replacements for normal users, they’re a different access model for a different purpose.
They’re the cleanest way to let external entities interact with your system without giving away internal visibility or control.
By using them:
- You enforce strict API-level permissions.
- You simplify partner integrations.
- You preserve your internal user structure and audit trail.
In a connected ecosystem where data exchange is constant, External Users are your secure, controlled gateway to the outside world, ensuring that your automation network stays both open and safe.