We are building upon our domain restriction security with a new setting – direct credential access. This is available at the tenant and credential level.
Once enabled, credentials can only be used in the following scenarios:
Functions that do not expose the credential value
Outbound requests to a defined domain
By default, this setting is enabled for all new tenants. Existing tenants are encouraged to enable this at the credential level before turning on the tenant-wide setting to avoid unexpected story breakage. Read more in our docs.