The Developer Tools Podcast with Fexingo: APIs, Infrastructure, and Software for Engineers

How API Authentication Tokens Become a Security Risk


Episode 10 of The Developer Tools Podcast digs into API authentication tokens—specifically, the quiet danger of token sprawl. Lucas and Luna examine how access tokens, personal access tokens, and service account keys accumulate across CI/CD pipelines, internal tools, and developer laptops. They walk through a real 2025 breach at a major data infrastructure company that started with a single leaked token in a GitHub Actions log. Luna challenges whether short-lived tokens solve the problem or just shift the attack window. Lucas breaks down why Cerbos' approach to fine-grained authorization may be more sustainable than traditional OAuth scopes. The hosts also discuss practical token hygiene: rotation policies, secret scanning in pre-commit hooks, and why service accounts need their own lifecycle management. If you build or operate APIs, this episode offers a concrete postmortem on how tokens—the skeleton keys of modern infrastructure—can be your biggest blast radius.

#API #Authentication #TokenSecurity #DevTools #Infrastructure #Cerbos #GitHubActions #SecretsManagement #Authorization #DeveloperExperience #ZeroTrust #TokenSprawl #APIKeys #Business #Technology #FexingoBusiness #BusinessPodcast #DeveloperToolsPodcast

Keep every episode free: buymeacoffee.com/fexingo


By Fexingo