TrackJS: how to prevent attackers from using my token?

Question

I'm planning to use TrackJS to monitor errors from my app but by reading the documentation it seems that my private token must be exposed on the browser:

<script src="https://cdn.trackjs.com/agent/v3/latest/t.js"></script>
<script>
  window.TrackJS && TrackJS.install({
    token: "YOUR_TOKEN"
  });
</script>

The API have limit of request that I can do. So, an attacker could stole my token by reading the source code and make many requests to TrackJS API using it. How can I prevent this type of attack?

score 1 · Answer 1 · answered Aug 10 '21 at 15:07

The token is not actually "private". It's fine for others to see it. It's no different than a Google Analytics account/token, or any other third party service identifier. It's just a way for us know which account to put the errors in.

Your account does have API keys and other things that shouldn't be shared, but your installation token is not one of them.

TrackJS: how to prevent attackers from using my token?

1 Answers1