What is the best way to authenticate third party calls in Adobe XD to secure your confidential data

I want to secure API calls send from xd plugin to third party , I tried to use JWT but secret key is exposed in this case .Can anybody help

I guess one way would be for your plugin to send a request (without any secrets in it) to a server controlled by you, and then it can then forward the request — along with your API access secrets — to the intended third party. The response can then be passed back to your plugin via your server.

But how can authentication xd plugin user without sending any access token or secret key ,I need some details from client side to server side to check authentication for valid users
I found the solution by using xd privilezed plugin APIs where I can get accesstoken by calling IMS module without giving any secret key