Refer to the attached sequence diagram.
For the UI Frontend to access our backend data source API in a VPC, it is required to first obtain an auth token from AWS API Gateway, then use this token to call the data source API.
When this auth token is returned to the UI Frontend, I understand that this token will show in the response (correct me if I am wrong). This token will have the chance to be exposed and poses a security risk.
Questions:
- Does Retool have a more secure way to store this kind of token when it responds?
- Is there a way to securely hide this token from possible public access, and still have it available to use in the next step's data source API call?
Thank you.