ThreatWatch goes beyond basic IP lookup tools by aggregating multiple threat feeds and presenting data in an intuitive, visual format. It showcases the versatility of IPinfo Lite’s API by combining it with external datasets to solve real-world security challenges. Whether used for daily operations or as part of a larger security workflow, ThreatWatch empowers users to make faster, data-driven decisions in the fight against cyber threats.
Thank you very much for the submission! I really appreciate it. I wonder if you can support access token input on the front end. I wanted to see if I can use some of the threat intelligence platform’s data like abuseipdb along with IPinfo, but it looks like the access tokens need to be hardcoded on the backend.
Thank you for your suggestion and the application already supports integration with additional threat intelligence platforms like abuseipdb. However, from a security best practices perspective, it is not recommended to support access token input directly on the front end. Allowing users to input or expose access tokens in the client-side application can lead to several security risks, such as accidental leakage of sensitive credentials through browser history, network logs, or even malicious browser extensions. Additionally, access tokens stored or handled on the front end are more susceptible to interception by attackers, which could result in unauthorized access to third-party services or data breaches. For these reasons, it is a best practice to handle all sensitive credentials, including access tokens, securely on the backend, where they can be properly protected and managed. This approach helps ensure the integrity and confidentiality of your integrations and reduces the overall attack surface of the application.
Thank you for the detailed explanation, that makes sense.
I was wondering if it would be possible to pass the access token to the PHP backend instead of using it directly on the client side. In this setup, the frontend would send the user-provided token to the backend, and then the backend would handle making the API request using that token.
This way the token isn’t exposed in the client application, but users can still integrate their own threat intelligence platform credentials.
