Access to restricted REST APIs with token

That’s why I asked, do you have a user base for your website where you’re authenticating people? Because if not, and if you’d done this without Netlify Functions, anyone could have checked the dev tools and got the URL you’re trying to make a request to along with the access token in this case. With Netlify Functions, at least the access token is hidden, only the response is visible.

Just like this:

Even if you had not used Netlify Functions, browsers will still show the network request and thus, what you are after won’t be possible without any user authentication. This is true for any system, not just Netlify. It’s not possible to secure unauthenticated API calls.

Here’s the way I was talking about:

It’s the most secure way that I know of because it deletes the temporary user and thus, even if someone tries to use the same request that the browser made, it would not work again.

You can hide it by returning your own message with `JSON.stringify('there was an error')` instead of `JSON.stringify(error)`.
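
The two points in the post above (the access token stays inside the Netlify Function, and the client receives a fixed message instead of the serialized error) sketched as an added example that is not part of the original post. `UPSTREAM_URL` and `API_TOKEN` are hypothetical environment variable names, `makeHandler` is a hypothetical helper, and the upstream API is assumed to accept a bearer token.

```javascript
// Added example, not code from the original post.
// Assumptions: UPSTREAM_URL and API_TOKEN are hypothetical environment
// variables set in the site's configuration; the upstream API takes a
// bearer token. makeHandler is a hypothetical helper used so the fetch
// implementation can be swapped out in tests.
function makeHandler({ fetchImpl, apiUrl, token, log = console.error }) {
  return async function handler(event) {
    try {
      const upstream = await fetchImpl(apiUrl, {
        // The token is attached here, on the server side only.
        headers: { Authorization: `Bearer ${token}` },
      });
      if (!upstream.ok) {
        throw new Error(`upstream responded ${upstream.status}`);
      }
      const data = await upstream.json();
      // Only the response body is visible in the browser's network tab.
      return { statusCode: 200, body: JSON.stringify(data) };
    } catch (error) {
      // Full detail goes to the function log. The client gets a fixed
      // message, so nothing carried in `error` is echoed back.
      log(error);
      return { statusCode: 502, body: JSON.stringify('there was an error') };
    }
  };
}

// Function entry point: configuration is read from the environment.
const handler = makeHandler({
  fetchImpl: (...args) => fetch(...args),
  apiUrl: process.env.UPSTREAM_URL,
  token: process.env.API_TOKEN,
});
if (typeof module !== 'undefined') module.exports = { handler, makeHandler };
```

As the post says, this hides the token but does not authenticate the caller: anyone who can see the function URL can still invoke it.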