I make GraphQL calls to Prismic from my react application. If I use a private repository, it is required to add an authorization header to the request. Unfortunately, if that header is specified, an authorization token is provided in the response for the Prismic-Ref call. As a result, any customer can find an authorization token in the browser inspector. What is the purpose of providing the API token in the response?
It's a default endpoint to retrieve Prismic-Ref, e.g. GET query to https://hcmsrepo.cdn.prismic.io/api/v2
Is there any option to limit\hide part of the data I receive from that endpoint?