Prismic - How to make API calls without exposing Access Token

I'm building a vue js web app and I would like to make respective calls to my prismic repo, but I don't know how to do it without exposing my access token. I am using the REST API approach shown here. Any ideas?

The http request syntax is as follows. I want to do this inside my vue components while not exposing the access_token.

http://your-repository-name.prismic.io/api/v2/documents/search?ref=Your_Ref&access_token=Your_Token

In my API/Security settings I'm also given a Client ID and Client Secret. I can't figure out how I can use these either.

Thanks

Marcus Gallegos asked Sep 12 '18 06:09



1 Answer

You'd have to store your access token on your server and make it process the requests on behalf of the client.

In the end, you'd send requests to your server instead of directly to prismic.io; your server will then send the request authorized with the access token, fetch whatever you need, and return it in the response to the client.

The workflow would look like this:

  1. Client sends request to e.g. http://localhost:8000/api/endpoint
  2. Server sends request to prismic.io endpoint associated with the above endpoint.
  3. Server gets prismic.io response and sends it back to the client.
  4. Client gets the response.

If you want to hide your access token client-side, then it's impossible. To protect your access token the other two options are:

  1. Make users use their own prismic.io access tokens.
  2. Allow access only to authorized users.

The two options above are probably not what you want, so setting up a proxy server is what's left.

dziraf answered Oct 06 '22 15:10
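The proxy workflow from the answer above, as an added example that is not part of the original post or Prismic's own code. It assumes Node 18+ (global `fetch`); the environment variable names `PRISMIC_REPO` and `PRISMIC_ACCESS_TOKEN`, the parameter allow-list, and the `--listen` flag are hypothetical choices made for this sketch.

```javascript
// Added example: the browser calls this proxy; only the server knows the token.
const REPO = process.env.PRISMIC_REPO || 'your-repository-name'; // placeholder from the question
const TOKEN = process.env.PRISMIC_ACCESS_TOKEN || 'constructed-demo-token'; // constructed value
// Assumed allow-list of query parameters the client may set; trim it to what the app needs.
const ALLOWED = new Set(['ref', 'q', 'page', 'pageSize', 'orderings', 'lang']);

// Step 2: build the prismic.io request. Client parameters are copied only if
// allow-listed, so a client-supplied access_token is dropped before ours is set.
function buildUpstreamUrl(clientQuery, token = TOKEN, repo = REPO) {
  const upstream = new URL(`https://${repo}.prismic.io/api/v2/documents/search`);
  for (const [key, value] of new URLSearchParams(clientQuery)) {
    if (ALLOWED.has(key)) upstream.searchParams.append(key, value);
  }
  upstream.searchParams.set('access_token', token);
  return upstream;
}

// Steps 2-3: fetch upstream and prepare the reply. fetchImpl is injectable so the
// logic can be exercised offline with a stub.
async function proxySearch(clientQuery, fetchImpl = fetch, token = TOKEN) {
  const upstream = await fetchImpl(buildUpstreamUrl(clientQuery, token));
  const text = await upstream.text();
  // Precaution: strip the token in case the upstream body echoes the request URL.
  return { status: upstream.status, body: text.split(token).join('') };
}

// Steps 1 and 4: the endpoint the client talks to (path taken from the answer).
async function startServer(port = 8000) {
  const http = await import('node:http');
  return http.createServer(async (req, res) => {
    try {
      const url = new URL(req.url, 'http://localhost');
      if (req.method !== 'GET' || url.pathname !== '/api/endpoint') {
        return res.writeHead(404).end();
      }
      const { status, body } = await proxySearch(url.search);
      res.writeHead(status, { 'Content-Type': 'application/json' }).end(body);
    } catch {
      res.writeHead(502).end(); // never forward upstream error text to the client
    }
  }).listen(port, '127.0.0.1');
}

// Start only when asked, e.g. `node proxy.js --listen`.
if (process.argv.includes('--listen')) startServer();
```

The Vue components then request `/api/endpoint?ref=...` from this server, so the token never appears in the shipped bundle or in the browser's network tab.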