Runtime Auth Application

At runtime, Zerq injects credentials into outbound calls based on collection or workflow configuration.

Application order

1. Resolve credential reference on collection or node.
2. Load and decrypt secret value.
3. Transform into required auth shape (header, token, cert, DSN).
4. Send outbound request to backend target.

Failure behavior

• Invalid or missing credentials produce auth failures from backend.
• Expired OAuth tokens trigger refresh attempts before request retry.

Practical checks

• Verify attachment scope: collection-wide vs node-specific.
• Confirm logs expose status and request ID, not secret values.
• Test rotation to ensure no stale cached credentials remain.