Akash - sandboxhc

We are working on integrating the Gainsight Insided platform (API endpoint: https://api2-us-west-2.insided.com/v2/topics) into our Zendesk Guide community homepage (homepage.hbs file). This integration involves using the JavaScript Fetch API method to fetch and display topic data from the Insided platform.

Current Challenge:
Currently, we are using a manual process where we generate a Token ID from the Insided platform and use it within our script. However, this approach exposes sensitive credentials like the Client ID and Secret Key in the browser, which poses a significant security risk.

Our Requirements:
We need a secure and efficient method to achieve the following:

1. OAuth Implementation: Set up OAuth to dynamically obtain access tokens without exposing the Client ID and Secret Key in the browser.
2. Token Usage: Utilize the generated tokens securely within the homepage.hbs file to fetch topic data from the Insided platform and render it directly on the Zendesk Guide community homepage.

Request for Guidance:
We are looking for best practices, recommendations, or alternative approaches to securely implement this integration. Specifically, we would like advice on:

• Securing the OAuth flow in this context.
• Preventing the exposure of sensitive credentials.
• Any specific methods or configurations recommended for Zendesk Guide custom pages to handle API integrations securely.

Your expertise and suggestions on this matter would be greatly appreciated! Thank you in advance for your assistance.