still not understand why next JS, currently im using Laravel + Reactjs Reactjs will call ajax to Laravel, Laravel then call API endpoint with CURL, everything is pretty safe, clients are not able to see the things from serverside as the API require client secret, we dont want to dispose the API endpoint to browser Next js likely put everything into http://localhost:3000/_next/static/development/pages/index.js?ts=1565766069530 on above example so people can access to this file and see what you are trying to call? or there should be a solution to resolve this? please do let me know