We are building a Freshdesk sidebar to assist customer support agents. The sidebar needs to make calls to our backend servers to fetch relevant information about the ticket page they are on. What are the best practices to authenticate the API call to our servers to make sure the call is originating from a valid logged-in Freshdesk user and getting logged-in user details? I saw this documentation and was wondering if this is the recommended way: JWT. In this implementation, how is the secret managed at the client sidebar?
Any feedback or pointers would be greatly appreciated. Thanks!