My situation is that I have up to four receptionists calling patients, each with their own extension. I have built a "dialer" function (using the Password Flow -> Ringout API calls) into my contact management system. I understand that there is a limit of 5 non-expired tokens per extension.
This whole max token 5, token expire -> refresh token -> refresh token expire seems super complicated . I'll need to hire a team of expert hackers just to "hack in" to my own account. I was hoping to simplify things a tad, by doing this:
1) Obtain a token, store the expiry time in a "per extension" scope variable. (minus 5 seconds just to ensure I am "within bounds"). In the request, set the 'refresh_token_ttl=0' bc I don't want to be using refresh tokens at all.. I think they are unnecessary.
2) Keep using the existing token up until expire time
3) After token expire time, obtain a new token, like I did in step 1 above.
Is there anything wrong with this approach? Or MUST I use refresh tokens?