1. Source API endpoint - Heartbeat fetches the data using the authentication supported by the source API (basic auth, security token in headers, URL query strings for example).
2. Heartbeat transformed endpoint - This is accessible over an HTTPS endpoint and is secured with a basic auth username:password key. As long as you use it within a secure environment (server code, or an internal network), there should be no problems. If you use it within a web app that's distributed to other users, they can see the key. However, this key is read-only and we will allow generating a new key from within the dashboard shortly.
1. Source API endpoint - Heartbeat fetches the data using the authentication supported by the source API (basic auth, security token in headers, URL query strings for example).
2. Heartbeat transformed endpoint - This is accessible over an HTTPS endpoint and is secured with a basic auth username:password key. As long as you use it within a secure environment (server code, or an internal network), there should be no problems. If you use it within a web app that's distributed to other users, they can see the key. However, this key is read-only and we will allow generating a new key from within the dashboard shortly.