We prefer OAuth connections, least‑privilege access, and documented integrations. We avoid storing credentials when possible and build with clear ownership and handoff.