I just posted this Angular Template for a Basic Epicor Web App Using Rest I would suggest you follow something like this to make any apps that will be used by someone other than you on your computer.
The app above uses the Epicor Token Endpoint to authenticate and never holds any secrets other than the JWT which is signed (can’t be tampered with) and time limited.
It also uses an API Key which can be scoped down to the service / end points that you want to expose.