I’m using a token of my own account to access pledge data via the API (mainly the comments that I added for Patrons), which works fine. I’d prefer to restrict the token scopes though, so in case the token somehow gets leaked it’s not possible to do a lot of harm with it. The token is stored on my server, so it should normally be secure, but I just think it’s good practice to only have the access that I actually need.
The problem is that even going through the Auth Flow and getting a token for myself with the scopes I want, it seemed to just refresh the Creator Token (of my existing client), still with full access. Is there any way to get a restricted Creator Token for my own account?