Prismic - How to make API calls without exposing Access Token

大城市里の小女人 提交于 2020-05-29 03:50:08

问题


I'm building a vue js web app and I would like to make respective calls to the to my prismic repo, but I don't know how to do it without exposing my access token. I am using the rest api approach shown here. Any ideas?

The http request syntax is as follows. I want to do this inside my vue components while not exposing the access_token.

http://your-repository-name.prismic.io/api/v2/documents/search?ref=Your_Ref&access_token=Your_Token

In my API/Security settings I'm also given a Client ID and Client Secret. I can't figure out how I can use these either.

Thanks


回答1:


You'd have to store your access token on your server and make it process the requests on behalf of the client.

In the end, you'd send requests to your server instead of directly to prismic.io, your server will then send the access token authorized request, fetch whatever you need and return it back in response to the client.

The work flow would look like this:

  1. Client sends request to i.e. http://localhost:8000/api/endpoint
  2. Server sends request to prismic.io endpoint associated with the above endpoint.
  3. Server gets prismic.io response and sends it back to the client.
  4. Client gets the response.

If you want to hide your access token client-side, then it's impossible. To protect your access token the other two options are:

  1. Make users use their own prismic.io access tokens.
  2. Allow access only to authorized users.

The two options above are probably not what you want, so setting up a proxy server is what's left.



来源:https://stackoverflow.com/questions/52288838/prismic-how-to-make-api-calls-without-exposing-access-token

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!