(The credential thing I'm actually proud of is non-exfiltratable machine-bound Macaroons.)
Remember that the security promises of this scheme depend on tight control over not only what hosts you'll send requests to, but what parts of the requests themselves.