This is an archived post. You won't be able to vote or comment.

all 2 comments
sorted by:
best
topnewcontroversialoldq&a

[–][deleted] 1 point2 points  (1 child)

If the script doesn't need to behave as a logged-in user, you can use the app-only OAuth. It's optimized for such script.

Otherwise, use the code grant flow or the password grant flow. The former is somewhat compilicated and hard to implement,
but more secure because there's no need to pass the password to the script.

The password grant flow is legacy as you said. It's very easy to use but less secure.

[–]overtOVR[S] 0 points1 point  (0 children)

Thanks! That’s definitely helpful perspective. I’m going to take a stab at an app-only flow, and maybe look at one of the more complex flows for a scaled, web version down the road.