Credentials and scopes
Issue a credential for one operational purpose and one catalog boundary. Broad, long-lived shared secrets make incident response harder and are not required for normal Music Delivery work.
One-time display
Kasty shows the credential secret once. Copy it directly into the organization’s secret manager and record the credential public ID separately for audit and revocation. Kasty support does not need the secret.
Least privilege
Use deliveries.validate for dry runs, deliveries.write for submission and the documented upload or read scopes only where the integration needs them. A read-only monitor should not hold write or credential-management authority.
Rotation
Create the replacement, update the sender in a controlled window, confirm successful authenticated calls, then revoke the old credential. Do not overwrite the only working credential before the replacement is verified.
Revocation
Revocation stops new authenticated requests. It does not delete accepted batches, immutable evidence or historical audit events. Existing scoped upload URLs remain subject to their own short expiry and object binding.
Compromised secret
Revoke immediately, rotate dependent systems and inspect delivery, upload and webhook activity by credential public ID. Never paste the suspected value into support messages. Authentication failures use stable codes documented in Errors.