Step 5: Identify Credential & Access Requirements
For Each Build, Document
| Field | Description |
|---|---|
| Data source | What system/API/DB does it need? |
| Access method | OAuth, API key, DB file, web scraping? |
| Who provisions | Admin, user, third party? |
| Storage location | Where does the credential go? (1Password, .env, etc.) |
| Refresh cadence | Does the token expire? How often? |
Common Credential Patterns
| Integration Type | Typical Access | Notes |
|---|---|---|
| Google APIs (Calendar, Gmail) | OAuth2 client + token | Requires GCP project, user consent flow |
| Task managers (Asana, Linear, etc.) | API token | Usually long-lived |
| CRM (HubSpot, CLAY, etc.) | API key | Check rate limits |
| Communication (Slack, Telegram) | Bot token + webhook | May need admin approval |
| Cloud storage (Drive, Dropbox) | OAuth2 | Similar to Google pattern |
Next Step
Use the Credential Checklist template to track provisioning status for your deployment.
Last updated on