I’m using M2M tokens for other backend servers to directly access my API by issuing tokens through the client credentials grant.
The backend server will use this token to access my API several times over the next 12 hours.
What is the best way for them to store this token? I see many articles describing how to save these tokens on client side, but what is the best practice for M2M tokens?
I am using Node.js for the backend, run on AWS Lambda.
I have the developer pro plan, so I received an answer from support. There were two options provided: (1) I could switch over to using a Password Grant [Call Your API Using Resource Owner Password Flow], or (2) I could cache tokens on my backend and essentially wrap the /oauth/token endpoint.
I believe option (2) would require me to validate the M2M key pair on my own in the case I return a cached access token, so I’m going with option (1) for now. I’ll update when I get a solution working!
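One way for the calling backend to hold an M2M token between requests, as an added example that is not part of the original post or the provider's own code: the token lives only in module-scope memory (which a warm Lambda container reuses across invocations), is refreshed shortly before it expires, and concurrent callers share one token request. The names `createTokenCache`, `fetchToken` and `REFRESH_SKEW_MS` are hypothetical, and the stub endpoint and its token values are constructed; `access_token` and `expires_in` are the standard OAuth 2.0 token response fields.

```javascript
// Added example: in-memory cache for a client-credentials (M2M) access token.
// Nothing is written to disk or logged; the token exists only in process memory.

const REFRESH_SKEW_MS = 60 * 1000; // assumption: refresh 60 s before expiry

// fetchToken: async function that performs the POST to /oauth/token
// (grant_type=client_credentials) and resolves to the parsed JSON response.
// now: injectable clock so expiry handling can be exercised without waiting.
function createTokenCache(fetchToken, now = Date.now) {
  let cached = null;   // { accessToken, expiresAt } once a token has been issued
  let inFlight = null; // shared promise so concurrent callers cause one request

  async function getToken() {
    if (cached && now() < cached.expiresAt - REFRESH_SKEW_MS) {
      return cached.accessToken; // still valid: no call to the token endpoint
    }
    if (!inFlight) {
      inFlight = fetchToken()
        .then((res) => {
          if (!res || typeof res.access_token !== "string" || !(res.expires_in > 0)) {
            throw new Error("token endpoint returned an unexpected response");
          }
          cached = {
            accessToken: res.access_token,
            expiresAt: now() + res.expires_in * 1000, // expires_in is in seconds
          };
          return cached.accessToken;
        })
        .finally(() => { inFlight = null; }); // a failed request is retried next call
    }
    return inFlight;
  }

  // Call when the API answers 401 so a revoked or rotated token is not reused.
  function invalidate() { cached = null; }

  return { getToken, invalidate };
}

// Constructed stand-in for the real token endpoint (12 h = 43200 s lifetime).
let issued = 0;
async function stubTokenEndpoint() {
  issued += 1;
  return { access_token: `constructed-token-${issued}`, expires_in: 43200, token_type: "Bearer" };
}

// Created once at module load, outside the Lambda handler, so warm invocations share it.
const tokenCache = createTokenCache(stubTokenEndpoint);
```

A cold start always begins with an empty cache, so the first request in a new container fetches a fresh token.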