New to the platform, checking out its' features and integrations. So far the experience has been great.
For client site implementations (React, Vue, etc.) is there any level of security for interfacing directly with your repository api besides using the access token (for private repositories)?
Typically this is done with CORS server settings that restrict or permit access to domains. Even if a repository is private the access token is right there on the client.