Workfront allows you to pass variables into the url of an external page:
? ID = { ! ID } & session = { ! $$SESSION }
I'm embedding a custom page (node.js Express server) made with data from the Workfront API and using the SessionID from the url to authenticate the API requests. I have some concerns on the best practices around this approach.
I imagine exposing the sessionID in the url like this is a security concern.
There's a few different approaches I have in mind for managing this, but I was wondering if anyone else has some experience on how they handle it in a "Workfront way" Connor Butters