Implement OAuth 2.0 for TMetric API

I am requesting that the TMetric API be updated to support OAuth 2.0 for authentication, in addition to the current static access token method. This would enable developers to build secure, third-party applications that can interact with a user's TMetric data without requiring them to share their personal access token.

Currently, the only way to authenticate with the TMetric API is by using a static access token. While this works for simple integrations, it presents a significant limitation for developing robust, third-party applications.

  1. Lack of Granular Permissions: A static access token grants full, unrestricted access to a user's entire account. There is no way to define specific permissions or "scopes," meaning a third-party application could potentially access and modify data it doesn't need, which is a major security risk for users.
  2. No Access Control in Third-Party Applications: With a static token, the third-party application itself has no way to enforce access control. It can't differentiate between what different users of that application are allowed to see or do within TMetric. The token is tied to a single user's account, not to the context of the third-party application.
  3. Security Risks: The user must directly provide their personal, long-lived access token to the third-party application. If this token is compromised, the attacker gains full control of the user's TMetric account. The user has no way to revoke this token without generating a new one, which invalidates all their other integrations.