Only advices (at this critical juncture) are to keep your website’s CSP very tight, your APIs authenticated. and protected by MFA especially to supplant PII with website-specific index/sequence numbers. Also to mandate HTML5 nonce element usages on all things referenced.