- Topic is Locked
The process to obtain an oauth token currently requires a user to click an allow button on a webpage, making it unsuitable for use in batch processes or by 3rd party apis.
To integrate our application with Cintoo, we currently have a process where someone has to obtain a refresh token manually, paste it into our api configuration, and our api will attempt to refresh the token perpetually. However, in the event of a failure to refresh the token, we then require a manual intervention to restore the api to a good state. As detailed in another post, this week we have observed multiple failures to refresh the token. It also requires our process to be running nearly continuously, we cannot spin up or fail over to a new environment without a manual intervention to supply a token.
Instead we would prefer a Client Credentials Grant flow, allowing each api instance to be restarted in a known good state after a failure
An update of the API documentation was done on Fri. 6 OCT.
The section 'Authentication' of the documentation better explains how to proceed.
Note that the first acquisition of the tokens pair ('access_token', 'refresh_token') requires a manual step for security reasons, then the refresh can be fully automated.
That's the reason why we won't keep this feature request in our backlog. Thanks again for your engagement and your feedback. Very appreciated!