Hi all,
I would like to offer my users the ability to get information about their account via API request. Obviously, I wouldn't be exposing all the endpoints, just one or two which my users will have access to.
My plan is to create a second method of authentication for these endpoints (not the same authentication they use to access their data via the frontend).
I would like to offer my users the ability to generate tokens for these endpoints, which they can view from a settings page on the frontend. This would mean the authentication tokens for these endpoints will need storing somewhere.
What's the safest way to do that? Would it be as simple as generating an auth token and storing it as a password data type against the user?
Thanks
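One way to approach the storage described in the post above, as an added example that is not part of the original post: the server keeps only a digest of each generated token, so a leaked database does not yield usable credentials. Assumptions: the plaintext token is shown to the user once at creation, the settings page lists only the non-secret `token_id`, and the endpoint name, the `store` dict and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Hypothetical endpoint name; the post only says "one or two" endpoints.
ALLOWED_ENDPOINTS = {"/api/account"}


def _digest(secret: str) -> str:
    # A fast hash is acceptable because the secret is 256 bits of randomness,
    # unlike a human-chosen password, which needs a slow password hash.
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


def issue_token(store: dict, user_id: str) -> str:
    """Create a token, persist only its digest, return the plaintext once."""
    token_id = secrets.token_hex(8)      # public lookup key, safe to display
    secret = secrets.token_urlsafe(32)   # never stored in plaintext
    store[token_id] = {
        "user_id": user_id,
        "digest": _digest(secret),
        "revoked": False,
    }
    return f"{token_id}.{secret}"


def revoke_token(store: dict, token_id: str) -> None:
    """Mark a token unusable, e.g. from the settings page."""
    if token_id in store:
        store[token_id]["revoked"] = True


def authenticate(store: dict, presented: str, endpoint: str):
    """Return the owning user_id, or None if the request must be rejected."""
    if endpoint not in ALLOWED_ENDPOINTS:
        return None  # API tokens never reach the rest of the backend
    token_id, sep, secret = presented.partition(".")
    record = store.get(token_id)
    if not sep or record is None or record["revoked"]:
        return None
    # Constant-time comparison avoids leaking digest bytes through timing.
    if not hmac.compare_digest(record["digest"], _digest(secret)):
        return None
    return record["user_id"]
```
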