I’m currently working on a Next.js site with a blog integration that fetches data from Prismic. The initial page data is fetched using getStaticProps() at page generation. On the page is also an option to load more posts by clicking on a button (lazy loading). What’s the best way to fetch the data from Prismic after the button has been clicked?
At the moment the button triggers a function that runs a Prismic query via the Prismic Client. I think that this is not the best solution because the user can afterwards see the request with repo name etc. in the network tab of the dev tools. If my Prismic API is set to public anyone can query the API. When setting it to private the user can also see the secret token because the request is visible in the network tab.
What do you think is the best and most secure way to handle this?
Thanks in advance for your help!
It is true. If you set your repo to public, the content will be public. Anyone might be able to query content from your repo, but not really anything else. Meaning this doesn't imply that it is a security risk because, even if someone has the endpoint, he will not be able to modify anything without access to the repository with the owner's permission.
So if your repository is set to private, it is not possible to hide the access token on the client side. But then there is no issue in sharing the URL internally because the token you create in your settings has read-only permission to access your content. Currently, Prismic doesn't have a content Write API.
I hope it answered your question, let me know if you have any further questions related to it.
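For a private repository, one way to keep the token out of the network tab is to have the "load more" button call a Next.js API route that runs the Prismic query on the server. The following is an added example, not code from this thread or from Prismic; the environment variable names, the custom type `post`, the page-size limits and the injectable `fetchImpl` parameter are assumptions.

```javascript
// Added example. In Next.js this would live in pages/api/posts.js and end with:
//   export default makeHandler({ repo: process.env.PRISMIC_REPO, token: process.env.PRISMIC_TOKEN })
// PRISMIC_REPO, PRISMIC_TOKEN and the custom type "post" are assumed names.
const MAX_PAGE_SIZE = 20;

// Clamp paging input so the public route cannot pull the whole repo in one call.
function parsePaging(query) {
  const page = Number.parseInt(query.page, 10);
  const size = Number.parseInt(query.pageSize, 10);
  return {
    page: page > 0 ? page : 1,
    pageSize: size > 0 ? Math.min(size, MAX_PAGE_SIZE) : 6,
  };
}

function makeHandler({ repo, token, fetchImpl = globalThis.fetch }) {
  const api = `https://${repo}.cdn.prismic.io/api/v2`;
  const getJson = async (path, params) => {
    // The token is appended here, on the server, and is never sent to the browser.
    const qs = new URLSearchParams({ ...params, access_token: token });
    const r = await fetchImpl(`${api}${path}?${qs}`);
    if (!r.ok) throw new Error(`upstream status ${r.status}`);
    return r.json();
  };
  return async function handler(req, res) {
    if (req.method !== 'GET') return res.status(405).json({ error: 'method not allowed' });
    const { page, pageSize } = parsePaging(req.query || {});
    try {
      const { refs } = await getJson('', {});
      const master = refs.find((r) => r.isMasterRef).ref;
      const found = await getJson('/documents/search', {
        ref: master,
        q: '[[at(document.type,"post")]]', // fixed server-side; the browser cannot change it
        page: String(page),
        pageSize: String(pageSize),
      });
      // Return only what the list needs. next_page/prev_page are upstream URLs
      // (query string included), so they are dropped.
      return res.status(200).json({
        posts: found.results.map((d) => ({ uid: d.uid, data: d.data })),
        hasMore: page < found.total_pages,
      });
    } catch (err) {
      // Generic message: upstream errors may echo the request URL.
      return res.status(502).json({ error: 'content service unavailable' });
    }
  };
}
```

The button's click handler then requests `/api/posts?page=2` on the site's own origin, so the network tab shows neither the repository endpoint nor the token.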