The Quickbooks APIs requires the access_token for making API calls. Fetching the access_token requires the user to login and authorize the Quickbooks app for accessing the informations through modal popup. Once the access_token is received only then one can store it in persistent storage and make use of it for making one or more APIs calls from there onwards. It seems that this entire process of authorization requires manual intervention i.e we cannot fetch the access_token in background silently by just using the client_id and client_secret keys. Users need to authorize the app first through a 'modal popup' window from quickbooks. So whenever I am required to use the Quickbooks API integration module, the very first time users will be prompted to login and authorize the app via modal window(on Quickbooks website) for generating the access_token.
Is this workflow and our understanding Ok w.r.t to Quickbooks APIs? Or can we avoid user authorization happening through this modal popup window and just authorize the Quickbooks API based on client Id and client secret keys?
