Security question (access_token, apikey)
Adding the API in variables, as I heard, is not safe because it is visible to anyone. A safe solution is storing the access_token after login and making your API calls using the access_token. How do you manage to hide the API in login steps and when refreshing the access token? I tried to refresh the access token with Bearer access token, but it asks for an API key. Is it enough to use the API key in one variable (like for login or refreshing the access token) to make the app vulnerable? How do you manage this? Are you using an external service like Postman for login and for refreshing the access_token?

Just clarifying lol

Like on page load as part of the standard user check

If not, no data would show

So the refresh should happen if that check fails

If you're using Supabase, you can do it in your project settings

I'm not sure what your process's use case is here but I'm not sure it's the correct approach

Waiting an hour in the page before continuing could easily be interrupted

Actions on the page should be instant and anything requiring such a delay should be handled on the backend

But I'm not sure if I understood your scenario properly

Extending the token expiration could be a solution, but I'm used to working on my Mac, then closing the display and continuing in 1 or 2 hours. And there are situations where I was interrupted while doing things and want to continue after that time. I'm looking to do the refresh exactly before the information is sent. I believe it should be like this: if the token is expired then refresh, if not continue, and in any case call the insert API. I have to wait for the token to expire now to try this :))

You should likely also extend the expiration
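The flow described in the thread (refresh if the token is expired, otherwise continue, then call the insert API), as an added example that is not code from the thread or from any product it mentions. `createClient`, `refreshFn`, `insertFn` and the session shape are hypothetical names; the two injected functions stand in for your own refresh and insert calls.

```javascript
// Added example: all names and the session shape are assumptions.
const SKEW_SECONDS = 30; // refresh slightly early to absorb clock drift

// Read the `exp` claim from a JWT payload. This is NOT signature verification;
// the server still validates the token. Returns null if the token is not a JWT.
function tokenExpiry(jwt) {
  try {
    const payload = jwt.split(".")[1].replace(/-/g, "+").replace(/_/g, "/");
    const exp = JSON.parse(atob(payload)).exp;
    return typeof exp === "number" ? exp : null;
  } catch {
    return null;
  }
}

// An unreadable token is treated as expired so that it gets replaced.
function isExpired(jwt, nowSeconds = Math.floor(Date.now() / 1000)) {
  const exp = tokenExpiry(jwt);
  return exp === null || exp - SKEW_SECONDS <= nowSeconds;
}

// session:   { accessToken, refreshToken }
// refreshFn: (refreshToken) => Promise<{ accessToken, refreshToken }>
// insertFn:  (accessToken, row) => Promise<{ status, ... }>
function createClient(session, refreshFn, insertFn) {
  let inFlight = null; // shared promise so parallel calls trigger one refresh

  async function freshToken(force = false) {
    if (!force && !isExpired(session.accessToken)) return session.accessToken;
    inFlight ??= refreshFn(session.refreshToken)
      .then((next) => Object.assign(session, next))
      .finally(() => { inFlight = null; });
    await inFlight; // rejects if the refresh fails; caller sends user to login
    return session.accessToken;
  }

  return async function insert(row) {
    let res = await insertFn(await freshToken(), row);
    // The server may still reject the token (revoked, clock drift):
    // force one refresh and retry once, never in a loop.
    if (res.status === 401) res = await insertFn(await freshToken(true), row);
    return res;
  };
}
```

The expiry check only decides when to refresh; it does not replace server-side validation, which is why the 401 retry path is still needed after a laptop has been asleep for an hour or two.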


