Security

DraftStack API tokens use the dst_ prefix. Send them as a bearer token.

Authorization: Bearer dst_...

Treat tokens as secrets. Store them in environment variables or a secret manager, not in source control.
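The following is an added example, not DraftStack's own code: a small Python helper that reads the token from an environment variable, checks the dst_ prefix before building the Authorization header, and scans a diff for tokens that are about to be committed. The environment variable name DRAFTSTACK_API_TOKEN and the assumed shape of the characters after the prefix (the page states only the prefix) are assumptions; adjust the pattern to the real token length.

```python
import os
import re
import sys

# Assumed variable name; the page only says "environment variable or secret manager".
TOKEN_ENV_VAR = "DRAFTSTACK_API_TOKEN"
TOKEN_PREFIX = "dst_"

# Assumed shape of the body after the prefix; only the dst_ prefix is documented.
TOKEN_PATTERN = re.compile(r"dst_[A-Za-z0-9_\-]{16,}")


def load_token(env=None):
    """Read the API token from the environment and validate its prefix.

    Fails early on a missing or foreign-looking value so a misconfigured
    deployment never sends the wrong secret to the API.
    """
    env = os.environ if env is None else env
    token = env.get(TOKEN_ENV_VAR, "").strip()
    if not token:
        raise RuntimeError(f"{TOKEN_ENV_VAR} is not set")
    if not token.startswith(TOKEN_PREFIX):
        raise ValueError(
            f"{TOKEN_ENV_VAR} does not look like a DraftStack token "
            f"(expected '{TOKEN_PREFIX}' prefix)"
        )
    return token


def auth_headers(token):
    """Build the bearer Authorization header the API expects."""
    return {"Authorization": f"Bearer {token}"}


def redact(token):
    """Show only the prefix and the last four characters in logs and messages."""
    return f"{TOKEN_PREFIX}...{token[-4:]}"


def find_leaked_tokens(text):
    """Return (line_number, redacted_token) for every dst_ token found in text.

    Meant for a pre-commit hook or CI step run over a diff, so a token pasted
    into a config file is caught before it lands in source control.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in TOKEN_PATTERN.finditer(line):
            hits.append((lineno, redact(match.group(0))))
    return hits


if __name__ == "__main__":
    # Usage: git diff --cached | python check_tokens.py
    # Exits non-zero when a token-shaped string is present in the staged diff.
    leaks = find_leaked_tokens(sys.stdin.read())
    for lineno, shown in leaks:
        print(f"line {lineno}: possible DraftStack token {shown}")
    sys.exit(1 if leaks else 0)
```

The redaction keeps error output and CI logs from becoming a second place the secret is written down; only enough of the value survives to identify which token was caught.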

The GitHub App reads pull request metadata and diffs from the repositories you select. It writes only to the documentation repository, never to monitored source repositories.

Every write to the documentation repository starts from an approval. The publish mode controls what an approval produces: a draft pull request by default, an immediately merged pull request when the mode is auto, or a branch with no pull request when the mode is none. Projects that keep the default mode therefore always have a human review gate before anything merges.