Yeah, that’s what I thought.
The problem is that with my approach I cannot make this object really private cause I need to get it’s value.
But, as this “Do search for” is actually independent of the User or anything else, I can move it to a backend workflow. So, I think (not really sure) that the most secure way would be to pass this this to a backend workflow so I can just pass the other data as parameters and safely access MangopayAuthTokens” in the backend.
Of course, that raises another problem 
I need to get the data back from this event and there’s no simple way to do this. (See Return Data from API - Can i capture the data natively in front end workflows?)
I don’t really know what is the best way here.
Or I use simple authentication, where bubbles support different dev and prod keys (so I don’t have to manage manually).
Or I make this call in the backend and return the data in some way (It’ll be slower and maybe use more database).