Is a single User interaction during Authentication still correct?

Scott Traczyk · April 11

We are looking to create an automation to load data into the General Ledger using the API. We want this to be run from a headless system without any user interaction required for it. The authentication requires a user to create the initial connection to the API and according to these forum posts below after that the headless system could refresh the token and process and no longer needs the user to authenticate. These posts are old (2017 and 2020) so I wanted to verify that this is still correct, that once the initial connection is made our headless system could use the API without any user interaction and that there is no expiration date that would require the user to re-authenticate?

Alex Wong · April 11

@Scott Traczyk
“headless” authenoization is the same still.

However, it does expires. the intial user authentication will give you authorization token that's good for 60 minutes AND a refresh token for 365 days. You will use refresh token to get new auth token (again good for 60 minutes only) to make SKY API calls with. When you call the auth api to get new auth token using refresh token, you can also request to have the refresh token's expiration extended to 365 days again, so in effect, while it does expires, as long as you regularly refresh you will not need user authentication again

Scott Traczyk · April 11

@Alex Wong Thank you, that answers my question, we currently expect the process to run at least once a week so that refresh token will be updated frequently enough to prevent it from expiring.

Is a single User interaction during Authentication still correct?

Comments

Categories