We are trying to integrate Custom HTML widget into the staging environment where we are calling an API that gives us the response based upon that we will dynamically load the HTML content. Where the API we are calling is integrated using OAuth Token based authentication which requires fire login API with credentials we get JWT bearer token and expiry as response. Using that token we used to call another API that gives the response to load into the HTML widget.
Here we found that the AUTH credentials are kept open in the client side JavaScript content which is a problem for us.
- Is there a way to protect/secure the credentials that is kept in client side in JavaScript code?
- Is there a way which we have for communicating with OAuth with External applications to load HTML widgets / embeddable widgets in secure manner ?
- Is there any short codes available in inSided community. Like in HTML widgets if we use “<% inSidedData.user.name %>” which is replaced by the user name.