Web API - Webhooks - Authentication Flow type


reading the documentation here: Nuki Developers
I can authenticate the user with the Authorization Code Flow of OAuth 2.0 Spec.
I already integrated the user authentication for the Web APIs with Implicit Code Flow (my client is a web application so is not secure to add a client secret in a static page).
After asking for the enabling of advanced api integration, is there a way to use the Implicit Code Flow to enable webhooks?

Thanks in advance for the responses :slight_smile:

If you want to use webhooks for client devices as described in the linked document, you will need the OAuth2 flow, as the API tokens currently do not contain scopes for the webhook types.

Thanks for your tempestive reply Stephan!

I understand I have to user the OAuth 2.0 flow but in the RFC6749 the grant type specified are 4.
I know from here: Nuki API Doc that the supported grant types are 2:

  • Authorization Code
  • Implicit

but reading from here: Webhook API Doc seems like the only supported grant is: Authorization Code.

Am I right?

I already implemented this kind of authentication for the Nuki Web API with the Implicit Grant because we use a Web Application and is not recommended, for security reasons, to use Authorization Code on static browser pages.
From what I understand from the documentation the webhooks can’t be integrated unless Authorization Code is used?