OAuth connection for a third-party system with client credentials

Hi!

I am implementing a Support App and I want each Zendesk user (admins, agents) to authenticate using OAuth to a third-party API before using the app. Each user would have a different account in my API.

I've tried doing this using the grant type authorization code, but this seems to be supported only for admins. 

So now I've tried switching to client credentials following the docs here and use a single user in my API and sending some identifier in the Headers of my API requests to differentiate users. So as an admin I'd create the OAuth Client, start a client credentials flow and use the URL to make an Exchange Verification Code request to get my access_token. Then I would like to store that token somewhere in metadata maybe, so that all users can use it to make requests to my third-party API.

These are my questions:

1. The response I get from the Exchange Verification Code shows "******" for the access token. How can I retrieve the real value?

2. After getting the correct value for the access token, where should I store it so that I can use it for all Zendesk users using my Support App?

3. Would there be a better way to implement all this?

Thank you!