Authentication

What we store (and what we don’t)

CrossWatch stores only what it needs to call provider APIs:

• OAuth tokens, API keys, or user tokens

• Provider URLs (for self-hosted services)

• Provider user IDs and server IDs (when required)

CrossWatch does not store your provider password.

To remove access, revoke it in the provider.

Then reconnect in CrossWatch.

Generic connection flow

Each provider has its own details, but the flow is consistent:

1. Click Connect (or Sign In).

2. Approve access in the provider tab.

3. Return to CrossWatch.

4. Open Settings for that provider.

5. Verify IDs and URLs. Use Auto-Fetch where available.

6. Click Save.

Provider guides

Troubleshooting quick checks

• Use a URL reachable from the CrossWatch host/container. Prefer LAN IPs over hostnames.

• If OAuth uses a callback URL, it must match the provider app settings.

• If libraries don’t load, check whitelisting. Then click Load Libraries.

Next steps

• Pick the two services you want to sync: Providers

• Create your first pair: Configure Pairs

• Enable real-time plays after the first clean run: Watcher

Where auth is stored

Auth data is persisted in /config/config.json.

Reference: Configuration (config.json).

What “Connected” means

Connected usually means “credentials exist in config”.

It does not guarantee the token is still valid.

If a provider suddenly fails:

• disconnect + reconnect

• rotate API keys (where applicable)

• verify callback URLs (OAuth providers)