Keys And Credentials
- user access tokens are Bearer tokens issued by your auth provider
- API keys are Bearer tokens used on public routes that allow
api_key_or_access_token - key issuance and rotation flows exist in setup/admin surfaces, but the underlying management routes are outside the current public route docs boundary
Never log raw tokens. Rotate on compromise.