Typically this is done in the communication between web client & server. A commonly used mechanism is via the use of JWT (JSON Web Token)
Thanks Bruno. I have spent months (Years) deciding on how best to render this portal. From MS VS, to just writing a isapi DLL, to using a front end tool. I am hoping that TMS Web Core is ideal for the job. I am not sure about using TMS XData in case making the whole stack proprietary causes an issue for the future. The world changes and suddenly.......
From a security perspective, I think that TMS WEB Core is quite equal to technologies such as angular, vue.js, ... and several more SPA model web applications relying on REST service calls for connecting to the server. The good practices advised for angular for example should be applied for TMS WEB Core as well, that is, use HTTPS REST API calls, use JWT for authentication or OAUTH2 for cloud service access. It is on our todolist to create a sample using JWT that connects with TMS XData but a similar setup should be used when connecting to other server technologies such as node.js, Embarcadero RAD server, ASP.NET Core microservices, ... We'll look to bundle some good articles discussing the best practices for each of these technologies that Delphi developers might most likely use as starting points in the coming weeks.
Thank you Bruno, the less head scratching, where to go next, the more chance I will adopt a solution. Cheers,