Token safety model
API tokens should be scoped tightly by identity and app permissions.
Best practices
- Create separate tokens per automation.
- Use write scope only when required.
- Rotate tokens on a schedule.
- Revoke tokens immediately if exposed.
Operational check
Audit token usage and identity bindings regularly to prevent permission drift.
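An added example, not part of the original page or of any product's API: an audit pass over a token inventory that flags each of the four practices above when it is not being followed. The inventory records are constructed, their field names are hypothetical, and the 90-day rotation limit is an assumption.

```python
from datetime import date

MAX_AGE_DAYS = 90  # assumed rotation schedule; the page does not give one

# Constructed sample inventory; field names are hypothetical, not a real API.
TOKENS = [
    {"id": "tok-ci", "automations": ["ci-deploy"],
     "scopes": ["read", "write"], "writes_last_90d": 41,
     "created": date(2024, 5, 1), "exposed": False, "revoked": False},
    {"id": "tok-shared", "automations": ["backup", "report"],
     "scopes": ["read"], "writes_last_90d": 0,
     "created": date(2024, 4, 20), "exposed": False, "revoked": False},
    {"id": "tok-report", "automations": ["metrics"],
     "scopes": ["read", "write"], "writes_last_90d": 0,
     "created": date(2024, 5, 10), "exposed": False, "revoked": False},
    {"id": "tok-old", "automations": ["cleanup"],
     "scopes": ["read"], "writes_last_90d": 0,
     "created": date(2023, 11, 1), "exposed": False, "revoked": False},
    {"id": "tok-leak", "automations": ["sync"],
     "scopes": ["read"], "writes_last_90d": 0,
     "created": date(2024, 5, 15), "exposed": True, "revoked": False},
]

def audit(tokens, today, max_age_days=MAX_AGE_DAYS):
    """Return {token_id: [findings]} for tokens that break a practice."""
    report = {}
    for t in tokens:
        if t["revoked"]:
            continue  # revoked tokens can no longer be used
        findings = []
        if len(t["automations"]) > 1:
            findings.append("shared-by-multiple-automations")
        if "write" in t["scopes"] and t["writes_last_90d"] == 0:
            findings.append("unused-write-scope")
        if (today - t["created"]).days > max_age_days:
            findings.append("rotation-overdue")
        if t["exposed"]:
            findings.append("exposed-not-revoked")
        if findings:
            report[t["id"]] = findings
    return report

if __name__ == "__main__":
    for token_id, findings in audit(TOKENS, date(2024, 6, 1)).items():
        print(token_id, ", ".join(findings))
```

Comparing the report from one run to the next shows drift: a token that newly appears has gained scope, users, or age since the last audit.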