They've now made some level of online connection mandatory, as you need an oauth token to connect to the local interface, which you can only get online. That token does have an expiry time of a year, but still, it's a significant step back from where they were before, where you could get local access completely disconnected from the internet (and in fact, those who completely isolated it to prevent it from getting software updates still have this).
The IQ Gateway authentication is done entirely offline - but you do have to have a device online (laptop, pi, mobile etc) to obtain a JWT to present to it.
Installer tokens are 12 hours, Owner tokens are a year. Some endpoints are only accessible with roles higher than Owner however, see https://github.com/Matthew1471/Enphase-API/blob/main/Documen.... for my scripts (available as the "examples") they're set to renew the tokens automatically where required.
It is about as sensible a design as you could come up with while still tying the access to be gated by the manufacturer. I still don't really get why it's done this way: the stated reason of security against a previous owner of the system doesn't make sense: this can more easily be accomplished by being able to reset the password.
(As an aside, assuming the system gets its time from NTP, I wonder if you could extend a token's access time indefinitely by returning a looping timestamp from a local server)
