I'm currently working on a SaaS application for service-oriented business(i.e. lawn care, home cleaning, etc) where those businesses, if they choose, can add their Stripe, Authorize.net, or PayPal account for the management of customers and payments of invoices generated in our application. I know that the API Login ID, Transaction Key should not be shared with anyone, but looking for advice on the best solution to allow our application to manage a business' account via our application.
Yeah, I was looking at that but was concerned about the flow from our application to handle the expiration of the refresh token. Unless I'm misunderstanding, after a year, our application would need to trigger the business to perform the oauth flow again?