CA Live API Creator: Preventing the auth token from being visible in the HTTP headers via the browser dev tools

Document ID : KB000093106
Last Modified Date : 10/05/2018
Show Technical Document Details
Question:
How can we authenticate users without having the auth token exposed in the HTTP header via the browser dev tools?
Answer:
You can use the Gateway to authenticate and authorize API users into LAC. All API calls are then channeled through a dedicated port with mutual trust between Gateway and LAC without the auth token. See Integrate with API Gateway in the LAC documentation for further implementation details.

https://docops.ca.com/ca-live-api-creator/4-1/en/configuring/integrate-with-ca-api-gateway