search

Security

hashtag
JWT Handling

circle-exclamation

  • Do not hardcode JWT tokens into frontend code.

  • Do not expose JWT tokens in browser environments.

  • Prefer calling the RFQ HTTP API from a server-side component.

hashtag
Transport

circle-info

  • Use HTTPS for all production requests.

hashtag
Storage

circle-exclamation

  • Avoid storing JWT tokens in locations that are easy to exfiltrate (for example localStorage).

  • Prefer server-side secret storage or an httpOnly cookie pattern.

hashtag
Rotation

circle-info

  • Rotate JWT tokens periodically.

hashtag
Logging

circle-exclamation

  • Do not log tokens.

  • When reporting errors, redact secrets.

PreviousTypeScript ExamplesNextFAQ