Docs
Powered by

# Credentials & Security

The Credentials settings pane shows your stored authentication credentials and lets you manage them. Open it from Settings (Cmd+Comma) and select the Credentials tab.

# How Credentials Are Stored

All credentials in Weavestream — API keys, tokens, passwords, and OAuth tokens — are stored in your Mac's Keychain. This is Apple's built-in encrypted credential storage, the same system that stores your website passwords and certificates.

Key points:

  • Credentials are encrypted at rest
  • They never leave your device unencrypted
  • They're protected by your Mac's login credentials
  • Exported source configurations do not include credentials

# Viewing Credentials

The Credentials pane lists all stored credentials, including:

  • API source credentials — Tokens and keys for your connected API sources
  • OAuth tokens — Access and refresh tokens for OAuth 2.0 sources
  • Service credentials — Keys for services like Pushover
  • AI provider keys — Your Anthropic API key (if configured)

Each entry shows the credential type and which source or service it belongs to.

# Managing Credentials

# Updating Credentials

If an API key or token has changed:

  1. Edit the source (... menu → Edit Source in the sidebar)
  2. Go to the Authentication step
  3. Enter the new credentials
  4. Save

The old credentials are replaced in the Keychain.

# Re-authenticating OAuth Sources

For OAuth 2.0 sources using the Authorization Code flow:

  1. Hover over the source in the sidebar and click the ... menu
  2. Choose Re-authenticate
  3. A browser window opens for you to sign in again
  4. The new tokens replace the old ones

This is useful when tokens expire or when you need to change the account.

# Deleting Credentials

You can delete individual credentials from the Credentials pane. This removes them from the Keychain. Note that deleting credentials will prevent the associated source from syncing until new credentials are provided.

# Security Best Practices

  • Use the most restrictive API permissions possible. When creating API keys or OAuth apps, only grant the scopes and permissions Weavestream actually needs.
  • Rotate keys periodically. If a service supports it, create new keys and update them in Weavestream regularly.
  • Don't share exported configurations carelessly. While they don't include credentials, they do include your API structure and endpoint paths.
  • Lock your Mac. Since credentials are protected by your Mac's login, make sure you use a strong password and lock your screen when away.

# What About AI Data?

Credentials are never sent to AI providers. When you use AI analysis, Weavestream sends item data (the content from your API responses) but never your authentication credentials, API keys, or tokens. See Privacy & AI Providers for more details.

© Copyright Spiffy Solutions Inc 2026. All rights reserved.