Conditional exposure of the custom objects data (including related attachments) for unauthenticated
We have a requirement to make some information publicly available through DCS.
We've created a custom object named PublicData_c. Public access to the PublicData_c should be conditional (field isPublic_c == true). There is another related custom object Document_c with child attachments. Roughly, the logic is as following: if PublicData_c.isPublic_c == true show the fields PublicData_c.F1, PublicData_c.F2, PublicData_c.F3, Document_c.F1, <a href="[url_value]">Document_c.Attachment.FileName</a> in the oj-table.
What is the best practice to implement our requirement?
Option 1. Make all the required configurations including access control on the back-end (B2B) and call crmRestApi endpoint directly from the DCS