I am trying to figure out how to architect the authentication part of my Podio integration app. My app will need to:
- Allow a user to access a particular app ITEM which we will get by sending the URL of the app ITEM to our app and then getting the spaceID and appID and itemID from that URL. Each user could be trying to access any app ITEM he has access to.
What type of authentication do we need to do for this and how do we store the authentication ids so this user doesn't have to re-authenticate every time. We will also need to store some info on this user, such that we can do #2 below.
- In this case the trigger will be an inbound email to our mail server- there will be no user intervention. Our app will detect the inbound email and will take the email and append it as a comment to an existing app item in the same APP that we connected to in #1 above.
How do we authenticate in this case?
I am thinking I need to use "Server Side Flow" Authentication which will give me an access token and refresh token for EACH user (I was originally thinking I could do this one time for all the users within an organization) and I should be able to use this for #1 and #2?
Does this sound right?