Definition
Least privilege is the principle that a credential should hold only the permissions its task requires, and no more. In the Credicorp API this means requesting only the scopes you use and provisioning a separate project per integration.
In plain terms
Give each key only the powers it actually needs, so a leak is contained.
Why it matters here
A narrowly scoped, single-purpose credential turns a compromise into a bounded incident. See scopes and least privilege.
Related reading

Scope
A scope is a named capability on an OAuth token — like applications:write — that bounds what the token can…
Project
A project is the partner unit that owns an OAuth client and a rate-limit bucket. Sandbox and live are…
Access token
An access token is the short-lived bearer JWT you send as Authorization: Bearer on partner calls. You mint it…