Quick question about securing token
I have a really simple website with no backend that has a couple html files, some css, and 1 js file. I want to grab a user's latest instagram posts, and I don't really want to use another widget service as it's kind of a hassle managing accounts for different clients. If I go about using the official instagram api, I'll have to use tokens which are obviously senstive, and because I don't have a backend, the token is going to have to be exposed on the frontend.
I'm not really concerned about someone compromising our token because it's only to grab instagram posts, but is there any way I can secure it a bit to make it annoying for someone to compromise? I'm assuming I can whitelist certain ip's/domains, so if I just whitelist my website is that generally good enough, or am I being lazy?
0 Replies