hi @bebourdain at the moment the API is centered around OAuth2.0 which is User Access. Meaning a user must be present in the account in order to interact with it via the API.
In your case we have User A (you) and User B (creator). Even if you generate all of the above, User A will need to be invited to User B’s account in order to access it. What you’re probably looking for is what we used to have as a Developer Token (which was still user scoped) in that User B could generate a token that provided specific access to their account, based on different scopes, without the need for other users to be a part of it. It essentially gives other users permission on the behalf of User B.
We dont have that functionality atm, but we are looking into ways to provide it in a round about way.
My suggestion would be to use @silosync_io’s MiniSync or SiloLINK as it is working as a proxy for the user. They can generate a link for others to upload to, which is what you’re looking for essentially.