I’m consuming Xibo API from a external web client. In order to make my requests, my client ID and client secret are hardcoded on client side and the access token is stored and refreshed on client side too.
I’m not an expert in security, but I don’t feel like it’s safe to keep everything in the client code this way. I don’t know where to start to make things better. Could you give me some pointers about best practices in a situation like this ?