I have a question regarding with authenticating infusionsoft API via OAuth 2.0 and API Key as I am not sure which method works best for my situation.
Let say I have an application that wants to pull some data out from a user account via infusionsoft API. I was thinking to follow the OAuth 2.0 flow. But there is one thing that confuses me.
Does that mean the application will require to request permission to interact with infusionsoft application all the time while the token is expired?
Can I store the access token in database, and when the token is expired (let say, in 3 days ago), I can re-use the most recent access token granted to request for a new token?
Updated: I just found this page which talks about this. However, I am still not too sure what it means with the last two points. (See highlighted in bold text below).
Please note that Refresh tokens are no longer able to be used if one of the following criteria happens:
- The refresh token is used.
- Permission is given for access to the same user on the same Infusionsoft application for the same developer application.
- The refresh token is older then 180 days.