Do I need to use OAuth? May I have a permanent token instead?

Digi-Key has found that the implementation of OAUth 2.0 is the simplest way to mutually be assured of a user's identity and the user's permitted access to our APIs. For the reason that sensitive information is exposed by our APIs, Digi-Key will only allow clients authenticated via OAuth 2.0 access.  Dig-Key strictly uses the three-legged OAuth flow.

Digi-Key will not permit access via permanent access tokens nor via any other equally less secure processes.