The xServer internet token is an API-key used to authenticate and bill the requests.
If a client-application accesses xServer internet directly, the token can be sniffed by intercepting the traffic or looking into the code. However, the API-key cannot be used to access any security relevant customer data. If you don’t want to expose the token to the client, you can proxy the xServer internet access in your application server and inject your token here.
Here are two scenarios to create a proxy that injects an xServer internet token.
You can add a virtual host to proxy your xServer-Requests, by configuring the httpd-vhosts.conf. The xServer can be acessesed with the authentication of your WebServer then, while the requests are relayed and the token is injected.