@Cole Murray thanks! That’s not quite what I was asking, sorry for being a little vague. The browser app that comes with prefect is very useful. In 2.0, it’s an SPA app where the messages to the API are controlled by the javascript in the browser. My concern is that if we locked down the access to the API with a custom solution within a reverse proxy, that messages from the front end app will not have a way to pick that up and send, say, an api_key.