I'm working on an intranet web application for a professional office. The feature I'm currently implementing is to send SMS messages (containing links) to selected clients throughout each day. This application can access the internet, but there is no access to it outside the local office network.
The application needs to create links, fetch link traffic stats, fetch new auth tokens for itself when needed, and monitor the bitly account status... with no user involvement At least part of this will be running as a cron.
I have a Bitly account, registered an app, got client ID and secret... but none of the authentication methods are suitable. I put a redirect URI on the app registration, but once I realized the "normal" process sent me to a bitly form, that was out. The only purpose the redurect URI would serve me is scraping the added parameters from it.
The other automated methods all use the bitly account username and password in some form, yet the documentation states applications are never to cache those locally. Does that only apply to their raw form, or is the base64encode(login:password) form acceptable to cache?
Which grant type am I supposed to use for fully automated API access? APIKEY access would work, but it's deprecated and to me it's not obvious what the suitable OAuth2 replacement is.