Hello,
I’m looking to build a plugin for Front.
The concern I have is about security. The recommended pattern to use token verification is embed the “secret” in the search param rather than a header.
Is there a way to embed the token in the header of the request instead so that it’s not obvious from the url?
https://dev.frontapp.com/docs/security#token-verification
Hi,
That’s not something we can support at present, but feel free to share this as a feature suggestion via our Product Ideas Portal.
Is there anything specific about this approach you’re concerned about? As a general recommendation, we advise putting any sensitive content rendered in your plugin behind a login in order to protect your data.
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.