Good questions. To your first, you’ll need to define users/roles within your DSP - this comes with a bit of a learning curve, but the concept is easily implemented once understood.
Please have a look a this documentation on user management:
As far as your second question, the new release (still pending…) has functionality to support stored procedures. Simply create your JOIN queries within the stored proc and then call this with a REST call.
I just defined a group “Users” which have API Access to my services.
So did I understand correctly, that you have to be logged in to use the api or is it useable without any session id, too? I’m asking due to security.
As far as being able to access this without logging in, that’s related to guest users being enabled or not. You can give different levels of access to your guest users depending on what you’d like them to access or not. Guest users do not have to login. All of the permissions that you give them are allowed outside of logging into the DSP.