Could someone explain the best grant type for a headless Node.js reporting service? I need to pull historical analytics via /api/v2/analytics/interactions/summary. My current implementation uses Client Credentials, but I’m unsure if I should switch to Authorization Code with PKCE for better token rotation handling in Express middleware. Here is the payload I’m currently sending to /oauth/token:
{
  "grant_type": "client_credentials",
  "client_id": "my-client-id"
}
Is Client Credentials sufficient for this use case, or am I missing a security best practice?
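
An added example, not part of the original post: a token cache for the Client Credentials flow that re-requests a token shortly before expiry, since RFC 6749 client-credentials responses normally carry no refresh token. `TokenCache`, `buildTokenRequest`, `clientSecret`, `skewSeconds` and the injected `postForm` transport are hypothetical names, and sending the credentials in an HTTP Basic header is assumed from RFC 6749 section 2.3.1, not from the API in question.

```javascript
// Added example. All names here are assumptions, not the platform's SDK.
// Build the /oauth/token request: the client authenticates with HTTP Basic
// (RFC 6749 section 2.3.1) and the form body carries only the grant type.
// Assumes the id and secret contain no characters that need form-encoding.
function buildTokenRequest(clientId, clientSecret) {
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
  return {
    headers: {
      Authorization: `Basic ${basic}`,
      "Content-Type": "application/x-www-form-urlencoded",
    },
    body: new URLSearchParams({ grant_type: "client_credentials" }).toString(),
  };
}

class TokenCache {
  // postForm(request) -> Promise<{ access_token, expires_in }> (injected transport)
  constructor({ clientId, clientSecret, postForm, skewSeconds = 60 }) {
    this.request = buildTokenRequest(clientId, clientSecret);
    this.postForm = postForm;
    this.skewMs = skewSeconds * 1000;
    this.token = null;
    this.expiresAt = 0;
    this.pending = null; // in-flight request shared by concurrent callers
  }

  // A token counts as fresh until skewSeconds before its stated expiry.
  isFresh(now = Date.now()) {
    return this.token !== null && now < this.expiresAt - this.skewMs;
  }

  async getToken(now = Date.now()) {
    if (this.isFresh(now)) return this.token;
    if (!this.pending) {
      this.pending = this.postForm(this.request)
        .then((res) => {
          if (!res.access_token || !(res.expires_in > 0)) {
            throw new Error("malformed token response");
          }
          this.token = res.access_token;
          this.expiresAt = now + res.expires_in * 1000;
          return this.token;
        })
        .finally(() => { this.pending = null; });
    }
    return this.pending;
  }
}
```

In an Express app, one shared `TokenCache` instance would be called from the outbound API client rather than from per-request middleware, so the secret and token never depend on an inbound request.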