Alternative approaches to Iframes for content distribution via json api

I am currently working on a project that uses iframes to distribute content to customers. Going ahead we would like to switch to a json based rest api to deliver the content. Api access would need a token to which specific content could be exposed and traffic limits set.

To replace the frontend appearance of the iframe I am thinking about writing a reusable bundle using a lightweight react alternative like preactjs. But this would mean exposing the raw api and the specific token to the end user. Simply routing user requests via the customers server would conceal the token but still allow raw api access to the enduser.

What would be a good architecture for such a use case?

Are there server side rendered solutions that can easily be implemented across a variety of backend frameworks, without rewriting everything for each customer that is?

Thanks for any advice