Apparently, RMS currently only supports Authorization Code based grants for API access. However, emulating these OAuth flows for server-to-server applications is anything but trivial - there are suggestions of remote controlling a headless browser with Selenium - err, maybe not.
My current workaround is to use a PAT, but this has has all sorts of nasty implications in a containerized environment. If I don't refresh the token, it will expire in a year, and I have to remember updating the container environment in time (also it's abusing the intentions of a PAT).
If I do refresh it though, the original access token becomes invalid and the refreshed token needs to be stored on a persistent volume because otherwise the app won't be able to authenticate after a restart. If it ever goes out of sync, somebody again needs to update the container environment to bootstrap the process again. I don't even want to think about about running multiple instances of the same image. None of this looks very appetising, I have to admit.
Long story short, this is why OAuth has the Client Credentials grant in the first place: https://alexbilbie.com/guide-to-oauth-2-grants/
I suppose a Resource Owner Credentials Grant would also work if a userless context is technically not possible.
Am I missing something obvious? Anybody found a better workaround than using a PAT? Anything on the Teltonika roadmap maybe?