Yes, the OAuth flow requires that you provide an interface for a consumer that redirects them to the authorization page, where they can approve or deny the request as well as specify which Infusionsoft application they wish to grant access to, then redirects them back to a redirect_url that can receive the token generated.
All API requests require authentication. Requests to the Legacy XMLRPC API may use Legacy API Keys instead, but we do not recommend building new integrations based on those, as they will eventually be removed.
Ok, not problem about It, however, I’m building a mobile app and I need to make “transparent” this step to the consumer, is there a way or an alternative for avoid it ?? …
No, the user must grant access to their data. I’m not a mobile app developer by trade, but I would expect a WebView to be presented for authorization before being taken to the main application interface.
You can make a mobile app work the same as normal web apps do with the Infusionsoft OAuth2 model. But it requires that you maintain an authentication server that the mobile app would need to reference and the server would be responsible for keeping authorized tokens from expiring.