[feature] SC-166737/improve app proxy security by restricting where token replacements can go

[HappyPaul55]

This pull request updates the API configuration in the manifest.json file to improve how sensitive settings are injected into outgoing requests. The main changes introduce a new settingsInjection field for both the Monday.com API and OAuth token endpoints, enabling automatic injection of authentication and client credentials.

API authentication improvements:

• Added a settingsInjection field to the Monday.com API configuration to automatically inject the access_token into the Authorization header for requests.

OAuth credential handling enhancements:

• Added a settingsInjection field to the OAuth token endpoint configuration to automatically inject the client_id and client_secret into the request body for authentication.

[github-actions]

Build for commit 68d1dae deployed to: https://mondaycom-pr-54.ci.next.deskprodemo.com

URLs:
https://mondaycom-pr-54.ci.next.deskprodemo.com/horizon-ui/app

[Copilot]

Pull Request Overview

This PR enhances security for the Monday.com app integration by introducing automatic credential injection through a new settingsInjection configuration in the manifest. This approach restricts where sensitive tokens and credentials can be injected in outgoing API requests, improving the app's security posture.

• Added settingsInjection configuration to the Monday.com API proxy endpoint to automatically inject access tokens into the Authorization header
• Added settingsInjection configuration to the OAuth token endpoint to automatically inject client credentials into the request body

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.