I was looking into M2M and it looks super easy. I’m just concerned with the limits on it, for the free and essentials options. The 1,0000 authentications doesn’t seem like many and I assume it could run up really quick. I do like that I can only give the m2m application scope of uploading and it can’t do anything else after that.
I considered the device flow, but wasn’t sure how long the session would live for. For security reasons, I don’t have a session last that long after it’s created. Once the browser it closed so is the session. And I think I made re-login only 24 hours or so.
Is there a way to for the user to store their password and the system do a basic username/password/client secret thing to get the auth token? I’m not sure how secure that would be either, but at least the user is still in charge of their password and it would be encrypted in the settings file. I"m just spit balling and trying to come up with a secure option that doesn’t annoy my customers and makes uploading files to me seamless.
My other option is doing an sftp server with a stored username and password too. I don’t like that idea because, the cost of yet another server and anther set of user accounts I have to manage. I might have to anyway, it seems sftp is kind of industry standard for the area I’m working in.
I know once I move to the professional package (which I see/hope happens later) the M2M addon is available. Does that give unlimited m2m authentications? I don’t see much info other that “starting at”.