IP-Whitelisting
OINO.cloud requests will be incoming from static IP addresses and you should only open those addresses in your database firewall. You can find these addresses from the Customer-page of your account. Used port depends on your database setup but it's a good idea to only open the relevant ports.
Database Users
It's recommended to create a separate login for OINO.cloud with just the relevant roles. This means normal SELECT/INSERT/UPDATE/DELETE rights (depending on which you plan using) and the rights read the schema.
API Configuration
In the API configuration you can control which fields of the table are exposed in the API. In case you have assymmetric needs e.g. inserting more fields than are read out, it's recommended to create multiple API's for the same table with appropriate rights for each.
Note! You can't limit access to API fields by hiding them with templates. Any attacker can circumvent that by changing the response content type for example JSON.
Token Rights
It's recommended to create multiple tokens with appropriate rights rather than sharing them in different usecases. Also it's a good idea to create separate tokens for different clients so that their lifecycles can be independently managed.
