Security
Public IDs on the client. Authority on the backend.
The widget uses public identifiers in the browser, while the backend remains the source of truth for credits, sessions, and store state.
Security
The widget uses public identifiers in the browser, while the backend remains the source of truth for credits, sessions, and store state.
The storefront only receives public identifiers required for widget initialization.
Store state, credits, device usage, and protected actions are verified on the backend.