DEV Community

Discussion on: Mold an amateur's API authentication approach

Mikkel D.

I think this is how tokens are meant to work already. Don't think you can make it much better other than looking out for possible injection points, what kind of data users are allowed to request (maybe some can request more than others to facilitate different needs?), and for the token to be unique.

I don't see how/why it would need to be more complicated than that. Nice diagram by the way!