Permanent Access token

Hi there,

I'm trying to use the prismic rest api to implement a feature in my components of my next.js app.
Our private repo requires an access token hit the api endpoint.
In order to successfully hit the api from the component, I had to include the api endpoint and access token in my public runtime config. This means that the access token is visible from the browser. I'm not sure of a way around this. Can you tell me if the access token comes with any write permissions? If that's the case then we definitely don't want to expose it. Trying to understand what kind of vulnerability comes with exposing this token.
Many thanks,

Hi Dan,

This question has already been answered here: