Hello @felix3! Welcome to the community.
This is safe because the Next.js SDK is used for Regular Web App (RWA), which are private clients and can securely store secrets, specifically the client_secret. This is completely safe.
We do recommend short lived access tokens, but be cautious of hitting rate limits. It is possible to cache API Access Tokens which I’ll link here: Caching Management API Access Tokens in Login Action. This can help with using the same token instead of always getting a new one and can be done using actions.
Here are some more docs that may help:
Get Management API Access Tokens for Production
I hope this helps!
Best,
Alex