Hootsuite Security Basics Credential Inventory | Credential | Scope | Rotation | |-----------|-------|----------| | Client ID | App-level | Never (app identifier) | | Client Secret | App-level | Rotate if compromised | | Access Token | User session | Auto-expires ( 1 hour) | | Refresh Token | User session | Rotate on each refresh | Instructions Step 1: Secure Token Storage Step 2: Token Refresh Security Step 3: Security Checklist - [ ] Client secret in secrets vault, never in code - [ ] Access tokens never logged or exposed - [ ] Refresh tokens stored encrypted - [ ] HTTPS for all OAuth reque…