I am building an SPA with a backend API that will be used by multiple companies, with each company having several users.
The problem I am facing is that if I have 2 users, one from company X and one from company Y, how can my backend know which company that user belongs to so that it can return the correct data to the user?
Do I add permissions to the users e.g. company:companyX & company:companyY so that my backend can distinguish between the users?
Or is there another (better) method for doing this?