Update TOTP/Exact Refresh Token November 2021
Using Implicit Grant Flow with TOTP-secret is still recommended when you can not guarantee that all uses are not in parallel or at least 10 minutes apart. The 10 minutes interval between runs is necessary due to the new requirement that an access token may not be acquired more often than once every 9,5 minutes.
To reduce the number of uses of the TOTP-secret, you may want to include the client secret of your Exact Online app in settings*.xml by assigning it to the connection string attribute api-client-secret. For more information on the settings XML file format consult the article Settings.xml XML-format for virtual SQL databases.
This enables - when possible - the Invantive software to use Code Grant Flow with improved runtime performance. When multiple processes are run at the same time, the software will revert to Implicit Grant Flow automatically.
The data container setting to automatically enter verification code on program start, switch to Code Grant Flow and then continue use of Code Grant Flow as long as possible will resemble then:
<database
order="10"
alias="eol"
provider="ExactOnlineAll"
userLogonCodeMode="Hidden"
passwordMode="Hidden"
defaultUserLogonCode="invantive1"
defaultPassword="secret"
connectionString="api-url=https://start.exactonline.nl;api-client-id=GUID_VALUE;api-client-secret=ANOTHER_SECRET;api-redirect-url=https://URL;totp-secret=TOTP_SECRET"
AllowConnectionStringRewrite="false"
/>