I'm integrating Loggly logging framework into my AngularJS client side app and although I'm using javascript minification and obfuscation, Loggly token is still easily discoverable in source code:
e.inputToken("SECRET").level("INFO").sendConsoleErrors(!0).includeUrl(!0).includeTimestamp(!0)
Is there any way to integrate Loggly more securely without tunnelling (with csrf, etc) client side logs via my app server into Loggly? What is the harm that can be done by someone getting hold of my input token apart from been able to post to my Loggly account?
Right now if someone gets a hold of your Loggly token, they can post to your Loggly account, as you pointed out. Its best to raise this issue directly with [email protected]