Thursday, 20 October 2022

Why do we need SMTP on top of the PHP mail server?

PHP servers (e.g. Apache, Nginx) are able to send emails to a destination using the mail() function by default. On local machines (localhost) this probably needs to be configured accordingly.

Even if a message reaches its destination properly, the dispatched email will not benefit from DKIM and SPF policies (DKIM provides an encryption key and a digital signature, and SPF allows email senders to define the IP addresses that are allowed to send from a particular domain).

The default mailing server also limits sending, such as the number of emails per hour, and email delivery is not guaranteed.

Failure / bounce-back messages cannot be tracked properly.

For the above reasons, the emails are treated as spam or unverified email by the receiver's MTA (mail server).

SMTP Comes into the Picture:

To standardize email messages and verify the sender, SMTP should be used on top of the PHP mail server.

SMTP processes email messages into small pieces of text that servers can identify, and SMTP provides codes to the server that can be decoded.

Messages sent via SMTP also carry DKIM and SPF signatures to verify the sender, which places the emails in the receiver's inbox instead of Spam.

So it is always recommended to use SMTP in PHP applications.

Thursday, 13 October 2022

Drupal 8 and 9 - REST API Authentications

By default, Drupal 8 and 9 have two types of authentication providers. These authentication mechanisms are used to protect the API from security threats.

The two providers work in different ways.

Basic Auth: This works with the basic Authorization header, where we need to pass valid user credentials to access the API.

$.ajax({
  url: 'my_drupal/entity/node?_format=json',
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    // Base64 of "username:password" (an encoding, not encryption, so use HTTPS)
    'Authorization': 'Basic ' + btoa(username + ':' + password)
  },
  data: JSON.stringify(node),
  success: function (node) {
    // success logic here
  }
});

Cookie: Ideally, cookie authorization works the same way authenticated users access restricted pages in a browser.

Drupal carries the user's session cookie in the browser to identify the user for any action or access.

For the REST API, it is additionally protected with x-csrf-token. Drupal verifies the x-csrf-token against the user's session cookie on every API access, so you need to ensure the user is authenticated in the browser or Postman (REST client) tool before sending x-csrf-token in the headers.

For the headless Drupal approach, the session values should be taken from the login API success response (headers) and passed as the Cookie header along with x-csrf-token, like below:

$.ajax({
  url: 'my_drupal/entity/node?_format=hal_json&foo=bar',
  method: 'POST',
  headers: {
    'Content-Type': 'application/hal+json',
    'X-CSRF-Token': csrfToken, // received from my_drupal/session/token
    // current user session cookie; only a non-browser client can set this
    // header itself, a browser attaches the cookie on its own
    'Cookie': 'SESS0944004040404=ibzSLyhVNhy4tnjfkfgjjg'
  },
  data: JSON.stringify(node),
  success: function (node) {
    // success logic here
  }
});
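The headless flow described above, written for a non-browser client as an added example (not code from the original post): it keeps only the session cookie's name=value pair from the login response, requests the CSRF token for that same session, and sends both with the write. `baseUrl`, the function names and the injectable `fetchImpl` are assumptions, and it needs Node 20+.

```javascript
// Added example, not the post's own code. baseUrl and the injected fetchImpl
// are assumptions; paths are the ones the post uses plus Drupal core's
// /user/login?_format=json route. Needs Node 20+ for getSetCookie().

// Keep only "name=value" of the Drupal session cookie (SESS... over HTTP,
// SSESS... over HTTPS); attributes such as Path or HttpOnly are not sent back.
function extractSessionCookie(setCookieValues) {
  for (const raw of setCookieValues) {
    const pair = raw.split(';')[0].trim();
    if (/^S?SESS[0-9a-f]+=[^\s;,]+$/i.test(pair)) return pair;
  }
  throw new Error('no Drupal session cookie in login response');
}

// The cookie identifies the session; the token is checked against that same
// session, so both headers must come from one login.
function buildAuthHeaders(sessionCookie, csrfToken) {
  const token = (csrfToken || '').trim();
  if (!token) throw new Error('missing X-CSRF-Token');
  return {
    'Content-Type': 'application/json',
    'X-CSRF-Token': token,
    'Cookie': sessionCookie,
  };
}

async function loginAndCreateNode(baseUrl, name, pass, node, fetchImpl = fetch) {
  const login = await fetchImpl(`${baseUrl}/user/login?_format=json`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ name, pass }),
  });
  if (!login.ok) throw new Error(`login failed: HTTP ${login.status}`);
  const cookie = extractSessionCookie(login.headers.getSetCookie());
  // Ask for the token with the session cookie, so it belongs to that session.
  const tokenRes = await fetchImpl(`${baseUrl}/session/token`, { headers: { Cookie: cookie } });
  return fetchImpl(`${baseUrl}/entity/node?_format=json`, {
    method: 'POST',
    headers: buildAuthHeaders(cookie, await tokenRes.text()),
    body: JSON.stringify(node),
  });
}
```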

Additional authentication providers can be added using the module Drupal REST & JSON API Authentication.

Friday, 7 October 2022

Drupal Rocket Chat - Windows Configuration Setup

Follow the steps below to configure Rocket Chat on Windows machines (especially a developer's local system).

  • Download and install Docker for Windows
  • Create or open a directory you want to hold the content of your server
  • Create a file named docker-compose.yml based on our example
  • In the same directory as the above file, run the following commands and wait for the server to fully start; this takes a couple of minutes

docker-compose up
docker-compose logs -f rocketchat


Access your Rocket.Chat server at http://localhost:3000

Source: https://docs.rocket.chat/quick-start/deploying-rocket.chat/other-deployment-methods/windows-10-pro

PHP Codesniffer - Ignore warning errors

Use the command below to ignore warnings while generating a report: phpcs -n /path_to_directory/ The above command will result only errors and ig...