It is advised that using Gitea APIs for customization. It seems to be better to have another web application as a client of Gitea APIs for any customization functionalities. One way to handle the security is to obtain a security token first by calling …/api/v1/users//tokens and use the token for any following API calls. To do so, the client application needs to know the user credentials of the Gitea. A simple way to achieve the goal is that the user credentials for the client application are the same for the Gitea.
Any better alternative approaches if there is a user administration management system out there?