# gooddata-ui
s
We are using the GoodData UI to embed components into our application. Using the examples, we are able to embed the Insight. However, we are concerned about the authentication being used between the component and the GoodData backend. When reviewing the web traffic, the API token is clearly visible to the end user. The API token allows for much more than just rendering components. Is there a different way to authenticate so that the end user does not see the API token in the web traffic? The samples website does not seem to have the same issue. If it helps, we are using the tiger backend provider. We also saw a reference to the bear backend provider. It was not clear how they are different. Our application is based on NextJS, so we have server-side capability; we can use that.
j
Hi, the Tiger backend works with GoodData Cloud and GoodData.CN, and the Bear backend works with GoodData Platform, which is a different product. Although using injected API tokens as authentication is possible, we do not recommend using it in a production environment, as it can lead to security issues. We recommend using context deferred authentication and setting up your own OIDC provider as described in the following documents.
https://sdk.gooddata.com/gooddata-ui/docs/cloudnative_authentication.html#context-deferred-authentication
https://www.gooddata.com/developers/cloud-native/doc/cloud/manage-organization/set-up-authentication/
s
Thanks Jan for the clarification
It is not clear how the `context-deferred-authentication` works in an embedded flow. The reports are embedded in our application. The users are provisioned in our application, not in GoodData.
I missed the word - `clear` earlier in the comment above ☝️. Made it seem like a definitive statement. I am looking for more details on the working of `context-deferred-authentication`