Today, Robot accounts in Enate authenticate using a username and password. This works for legacy APIs, but is weak for system-to-system automation: passwords are long-lived shared secrets, must be rotated manually, support only one logical credential per robot, and offer limited audit granularity.
Enate already supports Application Credentials (OAuth 2.0 Client Credentials) for human users. This proposal extends that mechanism so that Robot accounts can authenticate using ClientID + SecretKey pairs and exchange them for short-lived bearer tokens via the existing /Auth/OAuth/Token endpoint.
The feature deliberately mirrors the existing Application Credentials experience — same OAuth 2.0 flow, same token semantics, same expiry and role-change invalidation behaviour — so that integrators and RPA developers have a single consistent integration pattern across human and robot accounts.
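An added example (not part of the proposal and not Enate's own code) of how a robot integration could consume this flow: cache the short-lived bearer token, re-exchange the ClientID + SecretKey shortly before expiry, and retry once on a 401 because a role change can invalidate a token early. Assumptions: the endpoint accepts the standard RFC 6749 client_credentials form body and returns access_token and expires_in; the 401 response for an invalidated token, the transport callables, FakeTokenServer and every credential value are constructed for illustration.

```python
import time
from urllib.parse import urlencode, parse_qs

TOKEN_PATH = "/Auth/OAuth/Token"  # endpoint path named in the proposal

class RobotTokenClient:
    """Caches a short-lived bearer token; re-exchanges on expiry or 401."""
    def __init__(self, client_id, secret_key, post, clock=time.monotonic, skew=30):
        self._creds = (client_id, secret_key)
        self._post = post  # assumed transport: post(path, headers, body) -> (status, dict)
        self._clock, self._skew = clock, skew  # skew: refresh this many seconds early
        self._token, self._expires_at = None, 0.0

    def _exchange(self):
        # Assumed request shape: RFC 6749 section 4.4 form body.
        body = urlencode({"grant_type": "client_credentials",
                          "client_id": self._creds[0], "client_secret": self._creds[1]})
        status, data = self._post(
            TOKEN_PATH, {"Content-Type": "application/x-www-form-urlencoded"}, body)
        if status != 200 or "access_token" not in data:
            raise PermissionError(f"token exchange failed (HTTP {status})")
        self._token = data["access_token"]
        self._expires_at = self._clock() + float(data.get("expires_in", 0))

    def token(self):
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            self._exchange()
        return self._token

    def call(self, send, path):
        """send(path, headers) -> (status, body). Retries once on 401."""
        status, body = send(path, {"Authorization": f"Bearer {self.token()}"})
        if status == 401:  # token invalidated early, e.g. after a role change
            self._token = None
            status, body = send(path, {"Authorization": f"Bearer {self.token()}"})
        return status, body

class FakeTokenServer:
    """Constructed stand-in for the token endpoint and one API route."""
    def __init__(self):
        self.issued, self.valid = 0, None
    def post(self, path, headers, body):
        if path != TOKEN_PATH or parse_qs(body).get("client_secret") != ["constructed-secret"]:
            return 401, {}
        self.issued += 1
        self.valid = f"tok-{self.issued}"  # only the newest token is accepted
        return 200, {"access_token": self.valid, "token_type": "Bearer", "expires_in": 300}
    def send(self, path, headers):
        tok = headers.get("Authorization", "").partition(" ")[2]
        return (200, "ok") if tok == self.valid else (401, "invalid token")
```

Keep the SecretKey in a secrets store rather than in source, and hold the bearer token only in memory, so that revoking one ClientID cuts off that integration without touching the robot's other credentials.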