A client provides a service, and in this case, it sounds like the user must authenticate upfront to use the application (I’m assuming, you didn’t really answer that, but from the sound of it, authentication comes first, then action). Please note that authentication in this scope is allowing the client to use the data obtained by your account in order to use the API, so the token fetching process. I’m unsure of how to prevent the issue other than a fix on the API side of things assuming i am right on all of that (Please confirm if I am).