a year ago
Self-served configuration of client-side hardening
When your client-side (frontend) application is integrated with Stigg, it uses the Client API key, which is publicly accessible to anyone.
While the Stigg platform limits access for that API key to a minimum, some sensitive data may still be accessible to a malicious actor (e.g. by guessing a customer ID).
It's highly recommended to prevent any unauthenticated access to data using the Client API key by configuring Stigg to verify the identity of requests that originate from your client-side application.
We've now made it possible to enable client-side hardening in each environment on a self-serve basis. More details about client-side hardening and how to enable it can be found here.