Tabbio documentation

Connection security

Understand scopes, secret handling, approvals, audit records, and account deletion behavior.

Verified from Tabbio source912a2708

Least privilege#

Each connection exposes human-readable scopes before setup. Prefer the narrowest service, channel, label, workspace, and action set that completes the workflow.

Secret boundaries#

Tabbio does not display provider access tokens in the product. MCP personal tokens are shown once and stored as a one-way HMAC hash. Never paste tokens into a job post, CV, shared document, public issue, or chat transcript.

Side effects and audit#

Write-capable tools use explicit confirmation controls and record the action. Review pending approvals in Settings, then approve or reject from the authenticated Tabbio account.

Disconnect and delete#

Disconnecting stops future access. Account deletion also attempts to revoke all user connections; provider-side access can be reviewed separately for defense in depth.