We are conducting an internal review for using PermID APIs, and the review department has raised the following inquiries. Could you please provide answers?
■ I believe the API authentication method is "API token method," but is it "OAuth2.0"?
■ When issuing tokens, it is assumed that we will go through an authorization server. For access to the authorization server, will it be using "Client ID" and "Secret Key"? Could you please explain what kind of authentication it will be?
■ Could you please provide the validity period of the issued access tokens and the validity period of the refresh tokens?