When accessing the Bright API from a web page, the recommended approach is to use a Bright API Key.
This is a limited duration access token that can be passed to the Bright API. Typically it is bound to a particular user, as denoted by an email address, and its capabilities are limited to the capabilities of the user.