Cesium Community

security of IonSource

Rendtime March 17, 2025, 1:53pm 1

hi， Dear experts
I would like to inquire about the security of IonSource.
I often use HTTP, using the following code:

const resource = await Cesium.IonResource.fromAssetId(layer_id, {
server: access_server,
accessToken: access_token
});

When requesting, it is:
/v1/assets/{id}/endpoint? access_token=xxxx

I have the following doubts

Isn’t it easy for others to get the access_token on the webpage? If someone else gets it, what’s the point? How to prevent this situation
Passing/v1/assets/{id}/endpoint in HTTP will expose the entire URL. Is there any other method

Thank you

Topic		Replies	Views	Activity
Using Ion assets from other mapping libraries CesiumJS	1	371	August 22, 2018
Cesium Engine not using authentication header CesiumJS	5	172	December 4, 2024
Cesium Get v1/assets but returning 404 error Cesium ion	1	590	October 21, 2021
Cesium Ion Unauthorized CesiumJS	1	666	May 29, 2019
How to get IonResource id 1240402 Cesium ion	6	341	September 25, 2023