GLOSSARY · TOOLING

Scoped API token

An API credential that grants access to a specific subset of operations or resources rather than blanket account access. Limits the blast radius of a compromised token.

A blanket admin token compromised through a public Discord, a leaked Git repo, or a hijacked staff laptop can read or write everything in an organisation. A scoped token limits the damage to a single product, project, or operation. ServerOps tokens are scoped per-product (media / logs / cases / apps), per-project, and per-scope (read / write / admin).

A token issued to your phone-script can only upload to one project's CDN; it cannot read logs, modify cases, or list users. Token usage is attributed in the dashboard, so when a script misbehaves you can find and revoke the right credential without rotating everyone's credentials.
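
The check described above, sketched as an added example (not ServerOps code or its API): a deny-by-default authorizer over product, project and scope that attributes every request to a token ID and revokes one token without touching the others. The class names, token IDs and project names are constructed, and the ordering admin > write > read is an assumption the page does not state.

```python
from dataclasses import dataclass, field

PRODUCTS = {"media", "logs", "cases", "apps"}   # products named on the page
LEVELS = {"read": 1, "write": 2, "admin": 3}    # ASSUMPTION: admin > write > read

@dataclass(frozen=True)
class Grant:
    product: str
    project: str
    scope: str

@dataclass
class TokenStore:
    """Hypothetical in-memory token store, for illustration only."""
    grants: dict = field(default_factory=dict)  # token_id -> set of Grant
    revoked: set = field(default_factory=set)
    audit: list = field(default_factory=list)   # (token_id, product, project, action, allowed)

    def issue(self, token_id, *grants):
        for g in grants:
            if g.product not in PRODUCTS or g.scope not in LEVELS:
                raise ValueError(f"unknown product or scope in {g}")
        self.grants[token_id] = set(grants)

    def authorize(self, token_id, product, project, action):
        """Deny by default: allow only if an unrevoked grant covers the request."""
        needed = LEVELS.get(action, 0)          # unknown actions are never allowed
        allowed = (
            needed > 0 and token_id not in self.revoked
            and any(g.product == product and g.project == project
                    and LEVELS[g.scope] >= needed
                    for g in self.grants.get(token_id, ()))
        )
        # Every decision is attributed to the token that made the request.
        self.audit.append((token_id, product, project, action, allowed))
        return allowed

    def revoke(self, token_id):
        self.revoked.add(token_id)              # other tokens are unaffected

def demo():
    """Constructed tokens and projects: one upload-only script, one log reader."""
    store = TokenStore()
    store.issue("tok-phone-script", Grant("media", "proj-a", "write"))
    store.issue("tok-ci", Grant("logs", "proj-a", "read"))
    requests = [("media", "proj-a", "write"), ("logs", "proj-a", "read"),
                ("cases", "proj-a", "write"), ("media", "proj-b", "write")]
    before = [store.authorize("tok-phone-script", *r) for r in requests]
    store.revoke("tok-phone-script")
    after = store.authorize("tok-phone-script", "media", "proj-a", "write")
    return before, after, store.authorize("tok-ci", "logs", "proj-a", "read"), store
```

Only the first request succeeds: the other product, the other project and any request after revocation are all refused, while the second token keeps working.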