Api token in request header is secure?

Quick question: I need to call some api from UI with api token in request header. Is there any security concerns? Thanks for your quick response!

If you mean you are making this call on your front-end client, then no, it is not secure. You should not be sending the API token in requests on the front end, only in requests made via a secure backend server.

Thanks @andrea!
Besides the insecurity api token in UI header, we also have the CORS issue since https://xxxx.okta.com/api/v1/users/userID is not CORS enabled. So in order to solve the 2 issues here , what would you suggest to make it work and also secure? Looks like we need to create a backend server which connect to okta api? Thanks again!

That’s right, if an endpoint is not CORS enabled, you will need to use a backend server to make the request