Hi! I have created a simple feedback app that is not public. How to properly authenticate? in my JS code, the token is passed openly. It’s unsafe, isn’t it?
var requestOptions = {
method: 'POST',
headers: {
'X-Shopify-Access-Token': accessToken,
'Content-Type': 'application/json'
},
body: ConstructJs,
redirect: 'follow'
};
the JS file from which requests are made is located in the Shopify files, that is, along with the site.