Certain aspects involve facilitating the integration of sensitive data from a data provider into an instance of a web-based, third-party application. For example, a data provider service can receive an authentication API call from a third-party system. The authentication API call can include a user identifier and a request for an access token usable by a web-based interface of the third-party system. The data provider service can generate an access token for the third-party system from which the authentication API call is received. The data provider service can subsequently receive, from the user device, a feature API call including the access token and a feature request for sensitive data. The data provider service can generate output data specific to the user identified by the access token included in the feature API call. The data provider service can provide the output to the user device via the web-based interface.