I’m a bit confused about the difference between the access token that can be acquired by OAuth and the token on the Developer tab.
since the token that accessed from OAuth doesn’t expired, so what is the difference
In my case i just want a single access token that would authorize all the API calls across board items CRUD and the other users could see the changes made, what is the best practice for having access token in my case?
I think you need to flesh out what it is you’re trying to do.
The differences are:
OAuth tokens are for each user per-app. Each app has an API complexity quota on a per account basis. These tokens are automatically revoked if an app is uninstalled for example. Accounts can also restrict these tokens to specific workspaces (via restricting the app). They also have controllable scopes, which limit what they can do within the account - in addition to having to also obey any user based restrictions on the user for whom they were created.
The dev center user tokens are an account level token and share a single complexity quota for the whole account (10,000,000 combined for read or write). They can be revoked by individual users. They are allowed to do whatever the user to which they belong can do - and have scope to perform any action within that constraint.
The use of user API tokens (from the developer tab) in a marketplace listed app is forbidden by monday.
If you’re just creating an integration for yourself or a client, then using the dev center token may be easiest. However, this means youre sharing the API complexity quota with everything else in the account using that class of token. By creating an app you get 5,000,000 read and 5,000,000 write complexity points per minute for JUST that app. This can be crucial to avoiding breaking unrelated workflows built with the API - maybe by different people you know nothing about.