I read the documentation about secret tokens in APM. It looks like we can only set a single token on the APM server. If the secret_token in apm-server.yml has been enabled, it means that all agents will have to be configured with that same token. On javascript applications, it's a waste to set the token since users can open the javascript file and read the code. I didn't want to put the token in the frontend to prevent giving an idea about our APM server. How should we set it up in such a way that frontend applications don't have to set token while our backend application can use the token?
Found out secret_token is not needed by RUM. There was no need to modify Nginx and override Authorization bearer.
This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.