If you're building a web API, use OAuth2 for SSO with OpenID Connect.
Description
If your app lets people log in and create accounts, you should use an authentication protocol like OAuth2 or OpenID Connect to do it. These protocols are designed specifically for letting users sign in to apps securely. They provide a standard way for clients (like your website) to request access tokens from servers (your API). The server can then verify that the user has given consent by logging in to their account on the server before granting access.
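As an added illustration (not code from the original page), here is the client side of that token request as an OAuth2 authorization code flow with OpenID Connect, PKCE and a `state` check. The endpoint, client ID and redirect URI are placeholder assumptions; the parameter names are the standard ones.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed placeholder values; a real client gets these from its identity provider.
AUTHORIZE_ENDPOINT = "https://idp.example.com/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example.com/callback"

def _b64url(raw: bytes) -> str:
    """Base64url without padding, as PKCE (RFC 7636) requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def start_login():
    """Return (redirect URL, values to keep in the server-side session)."""
    session = {
        "state": _b64url(secrets.token_bytes(32)),          # binds the callback to this browser
        "nonce": _b64url(secrets.token_bytes(32)),          # must match the ID token's nonce claim
        "code_verifier": _b64url(secrets.token_bytes(32)),  # PKCE secret, never put in the redirect
    }
    challenge = _b64url(hashlib.sha256(session["code_verifier"].encode("ascii")).digest())
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",
        "state": session["state"],
        "nonce": session["nonce"],
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", session

def finish_login(callback_url: str, session: dict) -> dict:
    """Validate the callback and return the form body for the token endpoint POST."""
    params = parse_qs(urlparse(callback_url).query)
    returned_state = params.get("state", [""])[0]
    # Constant-time comparison; reject any callback not tied to this session.
    if not hmac.compare_digest(returned_state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return {"grant_type": "authorization_code", "code": params["code"][0],
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
            "code_verifier": session["code_verifier"]}
```

The returned form body is what the client POSTs to the provider's token endpoint; the ID token that comes back still needs its signature, issuer, audience and `nonce` checked before the user is treated as logged in.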
https://t.co/8AhCUrRrbn
References