API Authorization

I’d like to use the XML-RPC API (REST doesn’t yet support my desired functionality). I’m reviewing the new OAUTH2 requirements. It appears that a user who is using a site which accesses Infusionsoft via the API, needs to login via Infusionsoft. Does this mean that anyone who uses our (eventual) website would need an independent Infusionsoft user account? I’d actually prefer to create a single “API User” account which would be used for all web/api access.

Am I misunderstanding the authorization process?

In terms of using OAuth, your client is you. So if you run the auth process you will then have to maintain the refreshing of the token set on your back end every 24 hours to prevent having to use the allow/deny page again.