I'm creating an app that needs to fetch data from a server.
Currently I'm using an API Token on the backend to retrieve some data from Zendesk, sending the API Token from the frontend as described in the documentation.
I need to send the email and Zendesk instance (and some more data) to the backend in order to request Zendesk properly.
However, of course I can't send this as raw data. I'm thinking about creating a JSON Web Token from the frontend containing this data in the claims.
The server should decode this token using the shared secret and get the required data.
My doubt is: what's the best way to store the shared secret? Is it bad practice to use the API Token as the shared secret? I could send the API Token as a query parameter and encode the JWT with that. From the backend, I could pick up the API Token and decode the JWT. Does it make sense?
Thank you so much,