What is the best way to pass access_token to client after authentication?

xameeramir
We're able to get the access token after the Kite session POST API.

Our question is that if we don't pass the access_token to the user's client as per the warning stated in the docs which says that
Warning

Never expose your api_secret by embedding it in a mobile app or a client side application. Do not expose the access_token you obtain for a session to the public either.
then how will the user's client be able to send API requests to us?
Tagged:
  • sujith
    If it is a client application then don't write access token to a file. You need to use secure storage or app preferences.
    If it is a client application made for mass then don't hard code api_secret. Do your auth stuff on the backend application.
Sign In or Register to comment.