We have numerous API integrations (MindTouch Knowledge Base, Tridion Sites, GitHub, etc.) that have a TMS "user" associated with them.
TMS has a mandatory 90-day password expiration/reset requirement, which is useful for getting the human users to change their password periodically.
It can be turned off, but that would turn it off for all users, not just the API "users".
But could that be separated for the API users? Unless we preemptively change the API users' passwords on that schedule, the integrations break.
For example, our Google implementation has a single token that we provide that never expires, and we don’t have to refresh.
Perhaps this product enhancement could include:
- Token timeout increase (2-3 hours)
- Only providing a token instead of four credentials.
- No password reset after 90 days, or preferably just require that the token can persist.
Thanks for considering this enhancement!