For security reasons, we require the Profile API only be used server-side. The Profile API allows you to look up data about any user given an identifier (e.g. email,
userId) and an authorized access secret. While this enables powerful personalization workflows, it could also let your customers’ data fall into the wrong hands if the access secret were exposed on the client.
Instead, by creating an authenticated personalization endpoint server-side backed by the Personas Profile API, you can serve up personalized data to your users without the risk of their information falling into the wrong hands.