← Home

API Security Health

A different question from Report Health: not "is it reachable and are names matching," but "what rights does this credential actually have, and does any of them have more than this app needs?"codeUsage is what this app's code actually calls (grep-audited); grantedAccess is the credential's real ceiling — what it could do if the code changed — declared from the vendor's own docs/console where known, or honestly marked "Not Verified" where it isn't. Per the Dev Guide's Rule 1, a new integration isn't done until it has a row here too.

← Developer Guide
✓ No credential currently carries more access than this app needs.
IntegrationLiveCode usageGranted accessNotes

Read/Read + Write = what this app's code actually calls, kept honest by grep-auditing every server/utils/ client for a real mutating call. Granted access = the credential's ceiling: Read Only or Read + Write (confirmed, scoped) are the good outcomes; Full means the credential can do more than a scoped key would allow with no way to restrict it (always shown with a warning); Not Verified means nobody has checked the vendor's own console yet — not a confirmed problem, but not confirmed safe either.