eastern-cyan

keep delivery token secure

hey, I am using next, react query and query client (gql) to fetch content from a headless cms. They have two token for delivering content and delivering draft content. I want to have the draft token to be secure. But if I understand it correctly, it needs to be client side if I want to refetch data?! Is that correct? Can someone explain how it works? Can someone maybe give me a hint how to do this correctly? I think I have to reroute all my API calls over a proxy?! Or is there a better way with next?

3 Replies

like-gold•3y ago

next has a back end component. You can do a call in SSR (getServerSideProps) you can also prefetch queries in SSR which can be available client side if yiou want rto refetch you'd call /api/ and do the call there which hides the token create an api route

like-gold•3y ago

https://nextjs.org/docs/pages/building-your-application/routing/api-routes

Routing: API Routes

Next.js supports API Routes, which allow you to build your API without leaving your Next.js app. Learn how it works here.

like-gold•3y ago

https://maxschmitt.me/posts/next-js-http-only-cookie-auth-tokens

Max Schmitt

Next.js: Using HTTP-Only Cookies for Secure Authentication (2023)

Gaming

Programming

keep delivery token secure

Did you find this page helpful?