@LoudLemur thank you
the tokens : this kinda reflects the "journey" that CCAI went on. Initially it was browser-only ... and not user's site. I acknowledge users' cautions about this. Hence recommending a short-lived token disposable for use in CCAI open browser
Then we had CCAI-P deployed on your own cloudron, and interacting with your own Cloudron. In this case a multi-use long-life token was OK and so recommended. I think the quote you included in your question is from CCAI-P.
Then CustomAppGateway got rid of browsers completely for initial install and you enter a token into the binary on your local device. So not needed to use single-use short-term token. But hey everyone's paranoid these days so no harm in doing so.
I don't recognise the need for a 3rd token, but it might an academic question, as Cloudron 9.1 will make all this redundant. A much smoother and less problematic security approach, because it's all "on platform"
RO vs RW : it needs to make changes to your Cloudron, so RW.
pretty icons : that all comes down to the app being deployed. CCAI-P uses a similar but deliberately different logo to Cloudron.
Let me know which apps are not rendering a nice icon, and I can look at it.
Cloudron :
[image: 1770670785150-cloudron.png]
CCAI / CCAI-P :
[image: 1770670818282-logo.png]
