We’re using the Timeline API to store custom actions our users take in our app in their contact profile in Hubspot.
This app is truly internal only – so there will be only one install of it…connecting our app to our hubspot portal.
This also means that we never want the access_token to expire. I know you can utilize the refresh_token to get a new access_token, but what recommendations do you have for automating this process?
Should we update the access_token lazily (i.e., when our code detects the access_token has expired, initiate the refresh process?). Or should we do it as a scheduled task?
We have multiple servers, and each of them would need access to the correct access_token at any moment in time. Since we have multiple servers, where do you recommend storing the access_token? An external key/value data store like redis? What about race conditions when you update the access_token and need it to be propagated out to our servers?
Does the refresh_token ever expire?
Is there some established best practice for non-user facing applications authenticated using oauth? Are we over-complicating this somehow?
Thanks in advance.