Why you should avoid using it in client-side authentication

Advanced API Mode enables a set of endpoints that can only be used when the feature is on and you authenticate with your Bearer token. The restriction exists because some users put their bearer token in client-side code, which can expose it to the people using their software. For that reason, some endpoints, like listing all memberships, creating plans, etc., should only be enabled when Advanced API Mode is on. If you enable this feature, you should NEVER expose your bearer token in client-side auth. Use only your client ID on the client side, so that users can never monitor the requests and obtain your bearer token.

In essence, Advanced API Mode combined with your bearer token enables a set of endpoints. These endpoints are:

  • Fetch all memberships

  • Ban membership

  • Reset membership

  • Add free days to a membership

  • Fetch all plans

  • Fetch plan

  • Create a purchase link

  • Send push notifications

  • Fetch user's NFT holdings
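
One way to check that the bearer token never ships in a client build, as an added example that is not code from the original documentation: the script searches build artifacts for the token in plain, base64 and UTF-16LE form. The `API_BEARER_TOKEN` variable name, the build directory argument, the file names and the sample token are all assumptions constructed for the example.

```python
import base64
import os
import sys
import tempfile
from pathlib import Path

def token_forms(token: str) -> dict:
    """Byte patterns under which the secret tends to end up in shipped client code."""
    raw = token.encode()
    return {
        "plain": raw,
        # Matches the token base64-encoded on its own, with or without padding.
        "base64": base64.b64encode(raw).rstrip(b"="),
        # String constants in Windows desktop binaries are often UTF-16LE.
        "utf-16le": token.encode("utf-16-le"),
    }

def find_token_leaks(artifact_dir, token):
    """Return (relative path, form, byte offset) for each hit under artifact_dir."""
    if len(token) < 16:
        raise ValueError("token too short to search for reliably")
    root = Path(artifact_dir)
    hits = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        data = path.read_bytes()
        for form, needle in token_forms(token).items():
            offset = data.find(needle)
            if offset != -1:
                hits.append((path.relative_to(root).as_posix(), form, offset))
    return hits

def demo():
    """Scan a constructed client build: two files embed the token, one uses only a client ID."""
    token = "CONSTRUCTED-bearer-token-0123456789"  # constructed sample, not a real token
    with tempfile.TemporaryDirectory() as build:
        Path(build, "js").mkdir()
        Path(build, "js", "admin.js").write_text(
            'fetch(url, {headers: {Authorization: "Bearer %s"}})' % token)
        Path(build, "js", "login.js").write_text('const clientId = "constructed-client-id";')
        Path(build, "app.bin").write_bytes(b"\x00\x01" + token.encode("utf-16-le"))
        return find_token_leaks(build, token)

if __name__ == "__main__":
    # Assumed CI usage: build directory as argv[1], token in API_BEARER_TOKEN (hypothetical name).
    ci = len(sys.argv) > 1
    leaks = find_token_leaks(sys.argv[1], os.environ["API_BEARER_TOKEN"]) if ci else demo()
    for rel, form, offset in leaks:
        print(f"LEAK {rel}: bearer token ({form}) at byte {offset}")
    sys.exit(1 if leaks else 0)
```

A non-zero exit fails the build when any artifact contains the token; a clean result only covers the three encodings searched for, not a token that has been split or otherwise obfuscated.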