Quick question about securing token
I have a really simple website with no backend that has a couple html files, some css, and 1 js file. I want to grab a user's latest instagram posts, and I don't really want to use another widget service as it's kind of a hassle managing accounts for different clients. If I go about using the official instagram api, I'll have to use tokens which are obviously senstive, and because I don't have a backend, the token is going to have to be exposed on the frontend.
I'm not really concerned about someone compromising our token because it's only to grab instagram posts, but is there any way I can secure it a bit to make it annoying for someone to compromise? I'm assuming I can whitelist certain ip's/domains, so if I just whitelist my website is that generally good enough, or am I being lazy?
I'm not really concerned about someone compromising our token because it's only to grab instagram posts, but is there any way I can secure it a bit to make it annoying for someone to compromise? I'm assuming I can whitelist certain ip's/domains, so if I just whitelist my website is that generally good enough, or am I being lazy?
A friendly place for developers to meet other devs, ask questions, get help, and just have a good time 🙂.
36,263Members
Resources
Recent Announcements
Similar Threads
Was this page helpful?
