admin管理员组

文章数量:1026989

I'm building a vue js web app and I would like to make respective calls to the to my prismic repo, but I don't know how to do it without exposing my access token. I am using the rest api approach shown here. Any ideas?

The http request syntax is as follows. I want to do this inside my vue ponents while not exposing the access_token.

;access_token=Your_Token

In my API/Security settings I'm also given a Client ID and Client Secret. I can't figure out how I can use these either.

Thanks

I'm building a vue js web app and I would like to make respective calls to the to my prismic repo, but I don't know how to do it without exposing my access token. I am using the rest api approach shown here. Any ideas?

The http request syntax is as follows. I want to do this inside my vue ponents while not exposing the access_token.

http://your-repository-name.prismic.io/api/v2/documents/search?ref=Your_Ref&access_token=Your_Token

In my API/Security settings I'm also given a Client ID and Client Secret. I can't figure out how I can use these either.

Thanks

  • javascript
  • node.js
  • vue.js
  • oauth
  • prismic.io
Share Improve this question asked Sep 12, 2018 at 6:34 Marcus GallegosMarcus Gallegos 1,5923 gold badges20 silver badges36 bronze badges 1
  • Use a POST request instead of GET request for this. This is not 100% safe as well, but it does remove the querystring that contains your access token in the address bar. – Ru Chern Chong Commented Sep 12, 2018 at 6:39
Add a ment  | 

1 Answer 1

Reset to default 7

You'd have to store your access token on your server and make it process the requests on behalf of the client.

In the end, you'd send requests to your server instead of directly to prismic.io, your server will then send the access token authorized request, fetch whatever you need and return it back in response to the client.

The work flow would look like this:

  1. Client sends request to i.e. http://localhost:8000/api/endpoint
  2. Server sends request to prismic.io endpoint associated with the above endpoint.
  3. Server gets prismic.io response and sends it back to the client.
  4. Client gets the response.

If you want to hide your access token client-side, then it's impossible. To protect your access token the other two options are:

  1. Make users use their own prismic.io access tokens.
  2. Allow access only to authorized users.

The two options above are probably not what you want, so setting up a proxy server is what's left.

I'm building a vue js web app and I would like to make respective calls to the to my prismic repo, but I don't know how to do it without exposing my access token. I am using the rest api approach shown here. Any ideas?

The http request syntax is as follows. I want to do this inside my vue ponents while not exposing the access_token.

;access_token=Your_Token

In my API/Security settings I'm also given a Client ID and Client Secret. I can't figure out how I can use these either.

Thanks

I'm building a vue js web app and I would like to make respective calls to the to my prismic repo, but I don't know how to do it without exposing my access token. I am using the rest api approach shown here. Any ideas?

The http request syntax is as follows. I want to do this inside my vue ponents while not exposing the access_token.

http://your-repository-name.prismic.io/api/v2/documents/search?ref=Your_Ref&access_token=Your_Token

In my API/Security settings I'm also given a Client ID and Client Secret. I can't figure out how I can use these either.

Thanks

  • javascript
  • node.js
  • vue.js
  • oauth
  • prismic.io
Share Improve this question asked Sep 12, 2018 at 6:34 Marcus GallegosMarcus Gallegos 1,5923 gold badges20 silver badges36 bronze badges 1
  • Use a POST request instead of GET request for this. This is not 100% safe as well, but it does remove the querystring that contains your access token in the address bar. – Ru Chern Chong Commented Sep 12, 2018 at 6:39
Add a ment  | 

1 Answer 1

Reset to default 7

You'd have to store your access token on your server and make it process the requests on behalf of the client.

In the end, you'd send requests to your server instead of directly to prismic.io, your server will then send the access token authorized request, fetch whatever you need and return it back in response to the client.

The work flow would look like this:

  1. Client sends request to i.e. http://localhost:8000/api/endpoint
  2. Server sends request to prismic.io endpoint associated with the above endpoint.
  3. Server gets prismic.io response and sends it back to the client.
  4. Client gets the response.

If you want to hide your access token client-side, then it's impossible. To protect your access token the other two options are:

  1. Make users use their own prismic.io access tokens.
  2. Allow access only to authorized users.

The two options above are probably not what you want, so setting up a proxy server is what's left.

本文标签: javascriptPrismicHow to make API calls without exposing Access TokenStack Overflow

版权声明:本文标题:javascript - Prismic - How to make API calls without exposing Access Token - Stack Overflow 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://it.en369.cn/questions/1745666346a2162198.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。