Clientside API Keys

I am getting some data from the Github API.
Github sent me this message: 'We noticed that a valid OAuth access token of yours was committed to a GitHub repository. Disclosing a valid access token would allow other people to interact with GitHub on your behalf, potentially altering data, your contact information, and billing data. As a precautionary measure, we have revoked the OAuth token. ’

How can I host this as a static site while keeping the token private?

Credentials of any kind are usually put into some kind of configuration file, which is not under version control. Knowledge about this file’s structure is then shared verbally (or by example) in the setup instructions.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.