I have APIs created using Laravel and for token authentication I am using
The same APIs are used by mobile applications and SPA(ReactJs).
My problem is storing token in ReactJS application. If I use it in local storage then there are chances of security.
What is the best option to store the token in
ReactJs application while using
Important point is that
ReactJS application and
APIs Backend server are on different server.
Laravel Santcum has two types of API authentication:
Using SPA authentication is recommended in your use case for React. It has some security benefits like CSRF protection, session authentication and protecting your website against XSS attacks. When you set a session manually it can be read by third-party JS plugins but if you use SPA, it set cookies with
HttpOnly flag that can't be read by third-party scripts.
For more info read here: