How protect my token in the browser inspector on Prismic-Ref calls?

test.johnwalker · November 29, 2021, 10:19am

Hello everyone,

I make GraphQL calls to Prismic from my react application. If I use a private repository, it is required to add an authorization header to the request. Unfortunately, if that header is specified, an authorization token is provided in the response for the Prismic-Ref call. As a result, any customer can find an authorization token in the browser inspector. What is the purpose of providing the API token in the response?
It's a default endpoint to retrieve Prismic-Ref, e.g. GET query to https://hcmsrepo.cdn.prismic.io/api/v2

Is there any option to limit\hide part of the data I receive from that endpoint?

Priyanka · November 29, 2021, 1:29pm

Hello @test.johnwalker

Thanks for reaching out to us. We have already been discussed this question here:

Let me know if you have any further questions related to it.

Thanks,
Priyanka

system · December 1, 2021, 9:25am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How protect my token in the browser inspector? Developing with Prismic graphql	3	990	December 9, 2021
Authentication failing / Out-of-date documentation Developing with Prismic graphql	1	813	June 15, 2021
How to access Graphql from postman or curl Developing with Prismic graphquery , graphql	5	1090	November 25, 2022
Permanent access tokens - Public? Developing with Prismic graphql	3	856	December 9, 2021
Permanent Access token Developing with Prismic rest-api	4	1735	December 9, 2021

How protect my token in the browser inspector on Prismic-Ref calls?

Related topics