Hi,
Currently I am working on integrating chat application into out product. This chat application is handled by third party. This third party has provided username, password to make API calls. Each call should have Authorization bearer token in the https request header to retrieve data. My question here,
- is it secure to send this token to our UI and make calls to third party services(which another domain) ?This way for each logged in user, UI will be using same creds.
- Or our backed services should make calls to third party and in turn provide to UI ?