Why API tokens are highly sensitive
API tokens grant automated systems access to Leafy Energy data. A token is essentially a digital key. If someone obtains that key, they can perform API calls on your behalf.
Home Assistant best practices
- Store Leafy Energy tokens in secrets.yaml instead of directly in configuration files.
- Never share screenshots of configurations that show your tokens.
- Use separate tokens for separate environments (for example, demo and production).
Token rotation
Plan regular token rotation:
- Create a new token.
- Update your Home Assistant configuration.
- Deactivate the old token.
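The secrets.yaml practice and the rotation steps above, as an added configuration example that is not part of the original article: the integration key `leafy_energy`, its `api_token` option and the secret names are assumed placeholders, since the article does not document the integration's schema, and the token values are constructed.

```yaml
# --- configuration.yaml (weak form): the token sits inline, so every copy,
# --- backup and screenshot of this file carries a working key.
leafy_energy:                           # assumed integration key (not from the article)
  api_token: "lfy_demo_0123456789"      # constructed placeholder, not a real token

---
# --- configuration.yaml (hardened form): only a reference to a secret name.
# --- Screenshots and shared exports of this file reveal no usable key.
leafy_energy:
  api_token: !secret leafy_energy_token_prod

---
# --- secrets.yaml (same directory as configuration.yaml): the only file that
# --- holds the values. One entry per environment, as the article recommends.
leafy_energy_token_demo: "lfy_demo_0123456789"   # constructed placeholder
leafy_energy_token_prod: "lfy_prod_aaaaaaaaaa"   # constructed placeholder

---
# --- secrets.yaml after a rotation: create the new token in Leafy Energy,
# --- replace only the value here, restart Home Assistant (or reload the
# --- integration if it supports that), then deactivate the old token.
# --- configuration.yaml is untouched because it references the name, not the value.
leafy_energy_token_demo: "lfy_demo_0123456789"
leafy_energy_token_prod: "lfy_prod_bbbbbbbbbb"   # constructed replacement value
```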
Demo tip
In Leafy Energy demos, you can show a fictional token and then state explicitly that, in real systems, such values must never be exposed to others.