SDK auth best practices for service-to-service calls?

[Evanildo]

For SDK-based integrations, what auth pattern do you recommend between internal services?

I want something simple for dev, but secure enough for production migration.

Token rotation strategy suggestions are very welcome.

[PeterGames]

Good direction. Recommended baseline:
- short-lived tokens
- strict scope per service
- regular key rotation
- full audit logging for privileged actions

We are drafting an SDK auth guide and will share it soon.