Nice article, but I have a question: if I want to design an API that is used by both web and mobile, how can I design it for mobile? Mobile doesn't support cookies like the web does. Hope to get a reply from you and other contributors.
Thanks for your question.
This approach is only for web; for mobile it is completely different. We need to pass the JWT as an Authorization bearer token, so we need to go with separate APIs, for example api/mobile/login instead of api/web/login.
You want to try secure storage, SQLite, SharedPreferences, etc.