[Best Practices] How to securely call external APIs from <script>?

Hi everyone,

I am trying to send API calls from a Webflow form’s data to various endpoints. The code currently works, but one of the endpoint URLs and bearer token is exposed.

This seems like a super common task and I’m wondering if there are existing best practices for how to handle this type of situation?

Read-only link.

Thanks in advance!


Yes. Use middleware to ensure you are not displaying credentials.

1 Like

Awesome! When you say middleware, can you be more specific? Do you mean tools like Zapier, Make, Pipedream, etc?

Those qualify and are low/no-code.

Great - thanks @webdev!