I think this is how tokens are meant to work already. Don't think you can make it much better other than looking out for possible injection points, what kind of data users are allowed to request (maybe some can request more than others to facilitate different needs?), and for the token to be unique.
I don't see how/why it would need to be more complicated than that. Nice diagram by the way!