I couldn't get a response via call, so I'm trying through the community.

We are developing an application that does not have a graphical interface. However, we look to the phase of the project where we will integrate with Google Calendar. After some testing, we noticed that the authentication used by Google is OAuth 2.0, which, according to the documentation, is protection for sensitive data. It is to use other types of authentication without user interaction.

We tried using the API Key method, but Postman returns that this type of authentication is not supported. In fact, our application will not have direct contact with the user, so it is not possible for them to approve authentication.

Analyzing the integration, we noticed that they use the Bearer Token, however, the token is only communicated with the user's authorization.

Doubts:

1) Is there another form of authentication that we can pass a generic email and password (example:sistemas@harpiaconsultoria.com) and thus, not have a user interface, because whoever will integrate is working in the Protheus/TOTVS system?

2) Is there a possibility for our domain to use the API Key (release) method? Because it is integration without an interface?