1
Staff would like a recommendation:
I own an angular site that communicates with an API[API 1] Asp net core and authentication is done via jwt token. This API communicates with another API[API2] also through jwt token. Currently for each request API1 makes to API2, it logs in at all times to get the token, and uses until the end of the process.
Would you have a suggestion of how to store the token in that communication between APIS ? Is it worth storing it in the bank ? Considering that I have a valid token to access API2, is it worth going in trial and error ? That is, I only ask for a new token when I take an unauthorized 401 return ?
But that’s the thing about Token, isn’t it? Makes the login useful the token so there is no need to search the user all the time and make the queries in the database. Finished the request or time, another token. Storing it in the database is a serious security error.
– Henrique