How protect my token in the browser inspector on Prismic-Ref calls?

Hello everyone,

I make GraphQL calls to Prismic from my react application. If I use a private repository, it is required to add an authorization header to the request. Unfortunately, if that header is specified, an authorization token is provided in the response for the Prismic-Ref call. As a result, any customer can find an authorization token in the browser inspector. What is the purpose of providing the API token in the response?
It's a default endpoint to retrieve Prismic-Ref, e.g. GET query to

Is there any option to limit\hide part of the data I receive from that endpoint?

Hello @test.johnwalker

Thanks for reaching out to us. We have already been discussed this question here:

Let me know if you have any further questions related to it.


This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.