Trusted Sources for Deployment Protection (opens in new tab)

**Published:** May 13, 2026 | **Authors:** Kit Foster, Marc Greenstock, Tim White --- Trusted Sources lets protected deployments accept short-lived identity tokens (OIDC) from Vercel projects and external services you authorize, so you no longer have to share a long-lived Protection Bypass for Automation secret. Trusted Sources is the recommended approach, but Protection Bypass for Automation continues to work Callers attach an OIDC token in the `x-vercel-trusted-oidc-idp-token` header. Ve...