We have a custom warehouse operations web application that integrates with Acumatica via the REST Contract-Based API. The app has its own user authentication system with individual named users (warehouse staff, receiving clerks, etc.). All API calls from our app currently go through a single shared service account, so every receipt, transfer, and AP bill created in Acumatica shows the same username in audit logs - we lose individual attribution entirely.
We are aware of Option 1 - storing each user's Acumatica credentials in our system and logging in as them individually for each operation. This is the obvious solution but comes with real tradeoffs: every warehouse user needs an Acumatica license seat, credential storage and session management get complex, and we'd need to manage separate Acumatica sessions per app user.
Our question: Is there a supported or recommended approach in Acumatica to pass the identity of the originating user through API calls made by a service account, without requiring individual Acumatica user accounts for each operator?
Specifically, we are wondering about:
Is there a header, field, or API parameter that allows a service account to specify an "on behalf of" user that gets recorded in the audit trail?
Has anyone solved this with a middle-tier approach, for example a per-user OAuth token that still maps to a single licensed seat?