No that’s not what I am after. We are working on an API that will be made publicly available to our customers. That API also needs to be secured. We really don’t want to push the burden of requesting access tokens onto the customer (client credentials grant). Long-running API keys are really the only solution for us. For example, GitHub gives you the ability to generate personal access tokens that do not expire and are also able to be reset and deleted.