by MattBearman 3077 days ago
Great answer. One thing I'd like to add is if you're using bearer tokens, make sure your API has an easy way to invalidate and regenerate them, as anyone with the bearer token has full access.
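An added example, not part of the comment above: a minimal server-side store for opaque bearer tokens that supports the invalidation and regeneration the comment asks for. The class and method names are hypothetical, and the in-memory dict stands in for whatever database the API uses.

```python
import hashlib
import secrets


class BearerTokenStore:
    """Hypothetical in-memory token store (a real API would back this with a database).

    Only SHA-256 digests of tokens are kept, so a leaked copy of the store
    does not hand out usable bearer tokens.
    """

    def __init__(self):
        self._owner_by_digest = {}  # token digest -> user id

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Create a new random token for user_id; the plaintext is returned once."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._owner_by_digest[self._digest(token)] = user_id
        return token

    def authenticate(self, token):
        """Return the owning user id, or None if the token is unknown or revoked."""
        return self._owner_by_digest.get(self._digest(token))

    def revoke(self, token):
        """Invalidate one token. Returns True if it was active."""
        return self._owner_by_digest.pop(self._digest(token), None) is not None

    def revoke_all(self, user_id):
        """Invalidate every token of a user (e.g. after a suspected leak)."""
        stale = [d for d, u in self._owner_by_digest.items() if u == user_id]
        for digest in stale:
            del self._owner_by_digest[digest]
        return len(stale)

    def regenerate(self, token):
        """Swap an active token for a fresh one; the old one stops working at once."""
        user_id = self._owner_by_digest.pop(self._digest(token), None)
        if user_id is None:
            return None  # unknown or already revoked: nothing to rotate
        return self.issue(user_id)
```

Because every request is checked against the store, revocation takes effect on the next call rather than at some later expiry time.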