Sign in
Use your MixShift account login. Anyone who can sign in to this tenant can manage its credentials.
How service credentials work what they are, why, and what to do with one
What: a service credential is a machine key (a client_id + secret pair) for things that run without a person present: scheduled Cowork tasks, cloud automations, CI jobs. Humans signing in interactively don't need one; their browser sign-in handles it.
Why: browser sign-ins need someone to click a link, and their tokens rotate. A schedule that wakes up at 9am with nobody at the keyboard can't do either. The service credential is static, so it survives restarts, fresh sandboxes, and read-only secret stores, and it mints short-lived (1 hour) access tokens on demand. Tokens are read-only unless you grant Amazon Ads write access when creating the credential.
How to set one up:
- Click Create service credential below and name it after the automation (e.g.
nightly-foep-watch). You'll get theclient_idand a secret, shown exactly once. - On the machine or workspace where the automation runs, save the secret into a file (use an editor or secret manager, not a shell command that would land in history).
- Run the
mixshift auth service-setupcommand we'll show you after creation. It verifies by minting a real token, then your automation authenticates itself from then on.
Afterwards: activity shows up attributed to the credential's svc: label. You can revoke instantly or rotate with zero downtime from this page, any time. Full guide: service credentials documentation.
Service credentials
Machine keys for scheduled tasks, automations, and CI. Static secrets used with the OAuth client_credentials grant; revoking kills new token mints immediately.
| Label | Client ID | Scopes | Created | Last used | Status |
|---|
Creates a one-time setup code (valid 10 minutes): paste it to Claude in the workspace where the automation runs, and the credential is issued directly into that machine - no secret to handle. Need the raw secret instead (CI, secret managers)?
Setup code created. Paste it to Claude within 10 minutes.
Credential created. Copy the secret now - it is shown exactly once.
Active sessions
People signed in interactively - plugin sign-ins and partner app grants. Machine keys live on the Service credentials tab. Revoking ends that session's ability to refresh; its current access token ages out within hours.
| Person | Device / app | Client | Created | Expires |
|---|