My side project that I talked about can no longer use auth. This is because the app runs mostly in the background as jobs. I could go with Xero’s partner application but the session may not be long enough so a private application is best. The app uses three stages for authentication with the API: Consumer Key, Secret Key and the Certificate the customer has generated in their terminal/shell.
Things have changed:
I use Rails MessageEncryptor to decrypt/encrypt both keys and upload the cert to my local server. That’s how I can have a user connect to their Xero account through the API. Based on that, what security should I have in place? I know nothing is safe but what’s the best practice and best way forward?