@spec create_authorization(Tink.Client.t(), map()) ::
  {:ok, map()} | {:error, Tink.Error.t()}

Creates an authorization grant for a user.

No caching — this is an authorization operation.

@spec create_user(Tink.Client.t(), map()) :: {:ok, map()} | {:error, Tink.Error.t()}

Creates a new Tink user.

This is a mutation operation - no caching, but doesn't invalidate either since the user is new.

@spec delete_credential(Tink.Client.t(), String.t()) ::
  {:ok, map()} | {:error, Tink.Error.t()}

Deletes a credential and invalidates user cache.

Returns {:ok, map()} on success (the response body) or {:error, error} on failure. Cache invalidation is handled automatically by Client.delete/3.

@spec delete_user(Tink.Client.t(), String.t()) :: :ok | {:error, Tink.Error.t()}

Deletes a Tink user and invalidates all their cached data.

@spec get_credential(Tink.Client.t(), String.t()) ::
  {:ok, map()} | {:error, Tink.Error.t()}

Gets a specific credential with short-term caching.

@spec get_user_access_token(Tink.Client.t(), String.t()) ::
  {:ok, map()} | {:error, Tink.Error.t()}

Gets a user access token from an authorization code.

No caching — this is an authentication operation.

@spec list_credentials(Tink.Client.t()) :: {:ok, map()} | {:error, Tink.Error.t()}

Lists credentials for a user with short-term caching (30 seconds).

Credential status changes frequently during authentication, so cache is short.

@spec refresh_credential(Tink.Client.t(), String.t()) ::
  {:ok, map()} | {:error, Tink.Error.t()}

Refreshes a credential and invalidates user cache.

Triggers a data refresh from the bank. Cache is invalidated automatically by Client.post/4 on success; no extra invalidation is needed here.