These parameters will be available via GET. In your script, you would use something like this:
// Vai armazenar o endereço da requisição, no caso, https://meusite.com.br/cotacao_dolar.js?token=3c780698c2cf59ca7ae5130fdc2016ce4af736a4
var url_string = window.location.toString();
var url = new URL(url_string);
var token = url.searchParams.get("token");
// Retorna o token
console.log(token);
// Retorna o domínio
console.log(url.host);
// Retorna o protocolo + domínio
console.log(url.origin);
// Retorna o nome do script
console.log(url.pathname);
This question was answered in StackOverflow in English, the credit link is here: link
This link also has a second script option for older browsers.
EDIT
When you make the script available to someone else to use on her site, she can still open it and see the code. To prevent the person from being able to read the code, you can obfuscate the code.
Sites like this: link
They allow you to place a JS code and obfuscate it on multiple levels.
The code I posted for example, when it is obfuscated, has an output similar to the one below (and still keeps running normally):
var _0x3456=['toString','searchParams','log','host','origin','pathname','length','constructor','debugger'];(function(a,d){var b=function(b){while(--b){a['push'](a['shift']());}};var c=function(){var a={'data':{'key':'cookie','value':'timeout'},'setCookie':function(b,h,i,e){e=e||{};var c=h+'='+i;var a=0x0;for(var a=0x0,f=b['length'];a<f;a++){var g=b[a];c+=';\x20'+g;var d=b[g];b['push'](d);f=b['length'];if(d!==!![]){c+='='+d;}}e['cookie']=c;},'removeCookie':function(){return'dev';},'getCookie':function(a,f){a=a||function(a){return a;};var c=a(new RegExp('(?:^|;\x20)'+f['replace'](/([.$?*|{}()[]\/+^])/g,'$1')+'=([^;]*)'));var e=function(a,b){a(++b);};e(b,d);return c?decodeURIComponent(c[0x1]):undefined;}};var e=function(){var b=new RegExp('\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*[\x27|\x22].+[\x27|\x22];?\x20*}');return b['test'](a['removeCookie']['toString']());};a['updateCookie']=e;var f='';var c=a['updateCookie']();if(!c){a['setCookie'](['*'],'counter',0x1);}else if(c){f=a['getCookie'](null,'counter');}else{a['removeCookie']();}};c();}(_0x3456,0x1a7));var _0x6345=function(a,c){a=a-0x0;var b=_0x3456[a];return b;};var _0x1da1b0=function(){var a=!![];return function(d,b){var c=a?function(){if(b){var a=b['apply'](d,arguments);b=null;return a;}}:function(){};a=![];return c;};}();var _0x5d307c=_0x1da1b0(this,function(){var b=function(){return'\x64\x65\x76';},c=function(){return'\x77\x69\x6e\x64\x6f\x77';};var d=function(){var a=new RegExp('\x5c\x77\x2b\x20\x2a\x5c\x28\x5c\x29\x20\x2a\x7b\x5c\x77\x2b\x20\x2a\x5b\x27\x7c\x22\x5d\x2e\x2b\x5b\x27\x7c\x22\x5d\x3b\x3f\x20\x2a\x7d');return!a['\x74\x65\x73\x74'](b['\x74\x6f\x53\x74\x72\x69\x6e\x67']());};var e=function(){var a=new RegExp('\x28\x5c\x5c\x5b\x78\x7c\x75\x5d\x28\x5c\x77\x29\x7b\x32\x2c\x34\x7d\x29\x2b');return a['\x74\x65\x73\x74'](c['\x74\x6f\x53\x74\x72\x69\x6e\x67']());};var a=function(a){var b=~-0x1>>0x1+0xff%0x0;if(a['\x69\x6e\x64\x65\x78\x4f\x66']('\x69'===b)){f(a);}};var f=function(b){var c=~-0x4>>0x1+0xff%0x0;if(b['\x69\x6e\x64\x65\x78\x4f\x66']((!![]+'')[0x3])!==c){a(b);}};if(!d()){if(!e()){a('\x69\x6e\x64\u0435\x78\x4f\x66');}else{a('\x69\x6e\x64\x65\x78\x4f\x66');}}else{a('\x69\x6e\x64\u0435\x78\x4f\x66');}});_0x5d307c();var _0x335e95=window['location'][_0x6345('0x0')]();var _0x33f763=new URL(_0x335e95);var _0x31ae0e=_0x33f763[_0x6345('0x1')]['get']('token');console[_0x6345('0x2')](_0x31ae0e);console[_0x6345('0x2')](_0x33f763[_0x6345('0x3')]);console[_0x6345('0x2')](_0x33f763[_0x6345('0x4')]);console[_0x6345('0x2')](_0x33f763[_0x6345('0x5')]);var _0xd3172e=function(){function a(b){if((''+b/b)[_0x6345('0x6')]!==0x1||b%0x14===0x0){(function(){}[_0x6345('0x7')](_0x6345('0x8'))());}else{(function(){}[_0x6345('0x7')](_0x6345('0x8'))());}a(++b);}try{a(0x0);}catch(a){}};_0xd3172e();
