Company:
Date Published:
Author: Mandi Walls
Word count: 1218
Language: English
Hacker News points: None

Summary

PagerDuty has introduced a new method of API access, moving from long-lived API keys to an OAuth 2.0 token-based system that allows granular access control through API scopes. Each object in the PagerDuty REST API now has defined scopes, such as read and write, so users can grant an application exactly the access it needs and follow the principle of least privilege. Access is set up through an app: administrators and account owners manage app creation and token provisioning. Tokens replace the previously perpetual API keys and expire every 30 days, so they must be rotated and managed regularly. They are issued by the PagerDuty identity service using client credentials, and their scope can be limited according to organizational security requirements. Scoped OAuth is currently in early access and will be available to all accounts by the end of May 2023; the company encourages feedback and discussion in its community forum.