Hello - How do we accomplish Application-only for Single Page Applications? Per the article on this, the id/secret/token are all considered ‘passwords’ that should be secured. In that regard, plugging them into a Single Page Application would expose them through the browser Java Script. Is there a best practice on this? Is it “okay” to put the id/secret into an SPA? How would this be accomplished otherwise?
Thanks in advance.
This is generally handled by having a server you manage that holds the secrets. Your SPA makes requests to your server which then makes the requests to the Twitter API and returns the results to your SPA.
1 Like
Yeah, figured…was hoping for a way around that, but makes sense. Thanks.
