keita-makino / qualtrics-map

Google Maps integration into Qualtrics.
MIT License

Access Token exposure #178

Closed tafakkur closed 5 months ago

tafakkur commented 7 months ago

Your code exposes the accesstoken at the front-end. Which is super duper bad.

The accesstoken is equivalent to a password. Someone could just take it, use it elsewhere and you’ll have to pay the charges.

Strongly recommend updating your code.

keita-makino commented 7 months ago

That's actually 100% true, thank you so much for the suggestion.

I changed the code not to store it in the React state and changed the install direction to use the access token directly on the function call instead of writing it down in the header.
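A check a maintainer could run over everything the survey ships to the browser, as an added example that is not part of this thread or the project's code. It assumes the access token is a Google API key (these start with `AIza` followed by 35 URL-safe characters); the file names, the `initMap` call and the key value are constructed for illustration.

```javascript
// Scan text that is served to the browser for Google API key-shaped strings.
// Assumption: the exposed token is a Google API key ("AIza" + 35 URL-safe chars).
const GOOGLE_KEY_RE = /AIza[0-9A-Za-z_-]{35}/g;

// Keep only a short prefix so a finding can be correlated with the key in the
// cloud console without the report itself re-leaking the secret.
function redact(key) {
  return key.slice(0, 6) + "*".repeat(key.length - 6);
}

// files: { "<name>": "<file contents>" } -> list of findings with location.
function findExposedKeys(files) {
  const findings = [];
  for (const [name, text] of Object.entries(files)) {
    text.split("\n").forEach((line, i) => {
      // matchAll works on a copy of the regex, so lastIndex state is not shared.
      for (const m of line.matchAll(GOOGLE_KEY_RE)) {
        findings.push({
          file: name,
          line: i + 1,
          column: m.index + 1,
          key: redact(m[0]),
        });
      }
    });
  }
  return findings;
}

// Constructed sample input: a fake key in a survey header and in bundled state.
const FAKE_KEY = "AIza" + "X".repeat(35);
const SAMPLE_FILES = {
  "survey-header.html":
    `<script src="https://maps.googleapis.com/maps/api/js?key=${FAKE_KEY}"></script>\n` +
    `<div id="map"></div>`,
  "question.js": `// hypothetical call, no key here\ninitMap(container);`,
  "bundle.js": `const a = 1;\nconst state = { accessToken: "${FAKE_KEY}" };`,
};

for (const f of findExposedKeys(SAMPLE_FILES)) {
  console.log(`${f.file}:${f.line}:${f.column} key-shaped string ${f.key}`);
}
```

Any hit means the key is readable by every survey respondent, whether it sits in a header tag, in component state or in a function argument.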