Current behaviour

External sites need to manage logins themselves and then they can leverage the SSO API (undocumented iin ActiveDocs) to log that user into the 3scale developer portal. There is no way to allow a 3scale session to be created via API using the username and password directly. The existing SSO API is a link to the devleloper portal with a token that allows login via that link but it currently only requires the username and no password and does not generate a token or session key that could easily be embedded in subsequent API calls from that external site.

Expected behaviour

Allow external sites to create a session securely via API using the username/password which then returns a token. This token can then be passed in subsequent requests to the Account Management API to enable secure operations from the external site.