Client Side Security

New to the platform, checking out its' features and integrations. So far the experience has been great.

For client site implementations (React, Vue, etc.) is there any level of security for interfacing directly with your repository api besides using the access token (for private repositories)?

Typically this is done with CORS server settings that restrict or permit access to domains. Even if a repository is private the access token is right there on the client.

Hello @k4nderson, welcome to the Community forum!

That is correct, the Prismic content that is distributed through the API that can be configured as private. In private mode, the API requires the client application to authenticate itself to query, retrieve and display any content stored in a Prismic repository. Each data-consuming client application may use a distinct set of authentication credentials, by using an access token. Lean more about our Security & Compliance Features page.

Any additional security implementations built on top of the Prismic API will have to be configured externally.

This issue has been closed due to inactivity. Flag to reopen.