Authentication
Standards-first identity
- OAuth wherever the provider supports it. No stored plaintext passwords.
- Scoped API tokens with least-privilege access to the specific objects required.
- Signed webhooks are required where the provider supports them.
- Credential expiration is tracked and surfaced before the outage window.
- Rotation is a first-class action on every connection.