attio-security-basics


Secure Attio API integrations -- token scoping, secret management, scope auditing, webhook signature verification, and rotation procedures. Trigger: "attio security", "attio secrets", "secure attio", "attio API key security", "attio scopes", "attio token rotation".

AI & Automation 2,266 stars 315 forks Updated today MIT


Skill Content

# Attio Security Basics

## Overview

Attio access tokens never expire and have no scopes by default. This makes scoping, rotation, and secret management critical. This skill covers practical security controls for Attio REST API integrations.

## Token Properties

| Property | Value |
|----------|-------|
| Format | `sk_...` prefix |
| Expiration | Never (must be manually revoked) |
| Default scopes | None (you must explicitly add scopes) |
| Scope granularity | Per-resource read vs read-write |
| Auth method | `Authorization: Bearer <token>` header |

## Instructions

### Step 1: Apply Least-Privilege Scopes

Tokens should have only the scopes needed for their use case:

```
# Read-only analytics integration
object_configuration:read
record_permission:read

# CRM sync (needs write)
object_configuration:read
record_permission:read-write
list_entry:read-write

# Webhook receiver (just needs to verify, no API calls)
# No scopes needed -- webhook signature uses a separate secret

# Full admin (avoid in production)
object_configuration:read
record_permission:read-write
list_entry:read-write
note:read-write
task:read-write
user_management:read
webhook:read-write
```

### Step 2: Environment Variable Management

```bash
# .env.local (development -- git-ignored)
ATTIO_API_KEY=sk_dev_abc123

# .env.example (committed -- template for team)
ATTIO_API_KEY=sk_your_token_here
# ATTIO_WEBHOOK_SECRET=whsec_your_secret_here

# .gitignore (mandatory)
.env
.env.local
.env.*.local
```

**Platfo...
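The Step 1 scope profiles can be checked mechanically during a scope audit. The following is an added example, not code from the skill or its repository: it compares the scopes granted to a token against the minimal set for its use case and reports both missing and excess access. The profile names (`analytics`, `crm_sync`, `webhook_receiver`) and the sample granted-scope list are constructed for illustration; how the granted scopes are obtained is outside this example.

```python
# Added example: audit granted scopes against the Step 1 least-privilege profiles.
# Profile names and the sample "granted" list below are constructed for illustration.

LEVELS = {"read": 1, "read-write": 2}  # read-write implies read

# Minimal scope sets copied from the Step 1 listing.
PROFILES = {
    "analytics": ["object_configuration:read", "record_permission:read"],
    "crm_sync": [
        "object_configuration:read",
        "record_permission:read-write",
        "list_entry:read-write",
    ],
    "webhook_receiver": [],  # verifies signatures only, makes no API calls
}


def parse(scopes):
    """Map resource -> highest granted level; reject malformed entries."""
    out = {}
    for scope in scopes:
        resource, sep, level = scope.strip().partition(":")
        if not resource or not sep or level not in LEVELS:
            raise ValueError(f"malformed scope: {scope!r}")
        out[resource] = max(out.get(resource, 0), LEVELS[level])
    return out


def audit(granted, profile):
    """Return resources with too little (missing) or too much (excess) access."""
    need, have = parse(PROFILES[profile]), parse(granted)
    missing = sorted(r for r, lv in need.items() if have.get(r, 0) < lv)
    excess = sorted(r for r, lv in have.items() if lv > need.get(r, 0))
    return {"missing": missing, "excess": excess, "ok": not (missing or excess)}


if __name__ == "__main__":
    # Constructed sample: an analytics token that was granted write access.
    granted = [
        "object_configuration:read",
        "record_permission:read-write",
        "note:read-write",
    ]
    print(audit(granted, "analytics"))
```

Because tokens never expire, any `excess` entry stays exploitable until the token is manually revoked, so a non-empty result is a reason to reissue the token with narrower scopes.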

Details

Author
jeremylongshore
Repository
jeremylongshore/claude-code-plugins-plus-skills
Created
7 months ago
Last Updated
today
Language
Python
License
MIT
