The client id and secret, together with a user logging in, is what authenticates, and generates your initial access token and refresh token.
The access token is then valid for 24 hours. After it expires, the access token can no longer be used.
The refresh token, provided it’s valid, can be used to generate a new access token and refresh token while the old refresh token is made invalid.
I’m not sure how long refresh tokens are valid, maybe weeks or months??
When a new access token is generated through a refresh token, this doesn’t require a user to login.
You only need to authenticate the first time.
In theory the new refresh token can be used to generate a new access and refresh token over and over again until the end of time. But if something changes, or if there’s an internet connectivity issue, and error, etc, where the new refresh token isn’t stored, and you’re stuck with the old one, then you’d need to re-authenticate by having a user log in and authenticate to generate your initial access token and refresh token all over again.
There’s info on the REST api here:
https://developer.infusionsoft.com/docs/rest/#!/Account_Info/getAccountProfileUsingGET
You can also authenticate on the page there and then get to work testing various endpoints with the authenticated access token.
This page covers the general overview of how this would work:
https://developer.infusionsoft.com/tutorials/making-oauth-requests-without-user-authorization/#introduction
I haven’t worked with the infusionsoft api through Python before, but I have a strong knowledge of how it works as far as PHP goes.
This Python library looks promising and what I’d recommend for Python:
You might also try posting through Postman to see how using a refresh token works.
Then write the Python for it.