We have security concern that generated token can be used by another user on different machine which all normal access on portal resources by capture the token during internal request within the portal, is there way to hide token or to make portal internal request in post