Essential information about intended usage
To clarify, calling the MX APIs from behind your own web-services layer is fine, whereas directly calling them from within any webpage or client application is not, as this would publicly expose security tokens and API patterns. Calls from client devices or applications should never be made directly to the MX APIs. Instead, they should be routed via a secured layer that doesn’t require the public exposure of the API's methods or security tokens.
Updated about a year ago