Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.trysight.ai/llms.txt

Use this file to discover all available pages before exploring further.

Key storage

  • API keys are stored as SHA-256 hashes — we cannot recover a lost key.
  • OAuth access and refresh tokens are hashed at rest.
  • Full secrets are never written to audit logs.

Rotation

  1. Create a new key (or use Rotate on an existing key in the Developers page).
  2. Update your integration to use the new key.
  3. Revoke the old key.

Logging

We log: route, method, status code, latency, key prefix, and IP — not request/response bodies or Authorization headers.

Incident response

If a key is exposed:
  1. Revoke it immediately in Integrations → Developers.
  2. Review recent API logs in the Developers page.
  3. Create a new key with minimum required scopes.

MCP OAuth

  • Redirect URIs must be HTTPS or localhost/127.0.0.1 only.
  • PKCE (S256) is required for authorization code exchange.
  • OAuth tokens are bound to a single team selected at consent.