Hello,
I am unsure about a possible approach to consume APIs:
First, it is important to say that I have JWT SSO enabled for my community.
Then, I am using the API to reach at the "tokens" endpoint providing the ssoToken argument, which gives me a valid accessToken, and allow me to work with the API, without having an application setup.
I am wondering if this is a valid approach, since I could not find any documentation about this.
From security perspective, I think that is valid, I am basically mimicking the website.