JTL-Connector uses an authorization token to authenticate clients and authorize access to the endpoint. This token is entered as synchronization password inside JTL-Wawi. As JTL-Connector strives to be as flexible as possible it does not enforce a certain procedure on how to store this password. It thus delegates this task to the endpoint, communicating via an object of interface Jtl\Connector\Core\Authentication\TokenValidatorInterface.
This interface consists of the method
validate(string $token): bool. It returns true if the given token is valid, false otherwise.
You are free to store this token wherever you want, be it a settings subsystem available in the targeted shop or a simple plain file. However, if there is any possibility to access backend configuration settings from your endpoint we recommend that you use the shop’s standard facilities to store the token. This ensures that your users can freely renew the token if they want to.