Vivi

Reputation: 145

TrackJS: how to prevent attackers from using my token?

I'm planning to use TrackJS to monitor errors from my app, but from reading the documentation it seems that my private token must be exposed in the browser:

<script src="https://cdn.trackjs.com/agent/v3/latest/t.js"></script>
<script>
  window.TrackJS && TrackJS.install({
    token: "YOUR_TOKEN"
  });
</script>

The API has a limit on the number of requests that I can make. So, an attacker could steal my token by reading the source code and make many requests to the TrackJS API using it. How can I prevent this type of attack?

Upvotes: 1

Views: 374

Answers (1)

JGriffin

Reputation: 31

The token is not actually "private". It's fine for others to see it. It's no different than a Google Analytics account/token, or any other third-party service identifier. It's just a way for us to know which account to put the errors in.

Your account does have API keys and other things that shouldn't be shared, but your installation token is not one of them.

Upvotes: 1
