Ship integrations that can survive real review.
Use this guide to align token scope, webhook trust, playback governance, and retention-aware access rules with a defensible security model.
Baseline controls to adopt
- Use least-privilege scopes for every client credential.
- Separate machine-to-machine tokens from user-bound playback sessions.
- Log administrative access to device inventories, clip retrieval, and retention changes.
- Rotate secrets and signing keys on a defined cadence.
Recommended credential split
| Credential | Use |
|---|---|
| Server token | Cloud API calls from backend services |
| Embed session token | Short-lived browser playback sessions |
| Webhook signing secret | Inbound event verification |
Design around data lifecycle
Retention policy shapes what a user can see, what an operator can replay, and what a downstream service is allowed to persist.
If your system exports camera metadata into an external warehouse, document how long mirrored data or clip references remain there.