Noticed that the api-key specified for the super token core is getting added in to the request header at the client side, wondering if this is right behaviour since I thought that the back end node app is proxying the call to super token core.

This shouldn’t be happening. The frontend shouldn’t have the api key. Can I see the request header of the api call? And which api is this?

😥 Never mind the issue was with my browser adding the header value due to the ModHeader plugin

Cool!