How protect my token in the browser inspector on Prismic-Ref calls?

test.johnwalker · November 29, 2021, 10:19am

Hello everyone,

I make GraphQL calls to Prismic from my react application. If I use a private repository, it is required to add an authorization header to the request. Unfortunately, if that header is specified, an authorization token is provided in the response for the Prismic-Ref call. As a result, any customer can find an authorization token in the browser inspector. What is the purpose of providing the API token in the response?
It's a default endpoint to retrieve Prismic-Ref, e.g. GET query to https://hcmsrepo.cdn.prismic.io/api/v2

Is there any option to limit\hide part of the data I receive from that endpoint?

Priyanka · November 29, 2021, 1:29pm

Hello @test.johnwalker

Thanks for reaching out to us. We have already been discussed this question here:

Let me know if you have any further questions related to it.

Thanks,
Priyanka

Topic		Replies	Views
How protect my token in the browser inspector? Developing with Prismic graphql	3	1066	December 9, 2021
Invalid access token in api browser Prismic for Content Creators	10	1722	April 24, 2024
Permanent Access token Developing with Prismic rest-api	4	1816	December 9, 2021
Authentication failing / Out-of-date documentation Developing with Prismic graphql	1	866	June 15, 2021
Permanent access token included in app.js source code Developing with Prismic gatsby	6	1396	December 9, 2021

How protect my token in the browser inspector on Prismic-Ref calls?

Related topics