I&#39;m planning to create a web application. 
For authentication, I want to use JWT token.
I have read everyone that is safe, but I don&#39;t understand why.
Let&#39;s say the user login and the server sends back the token. 
The user wants to see his/ her orders (its a webshop), so the frontend sends a query like 
<pre><code>https://react-my-burger-21f7b.firebaseio.com/orders.json?auth=&lt;TOKEN&gt;&amp;orderBy="userId"&amp;equalTo=&lt;USER_ID&gt;
</code></pre>As the user can see the token in the console network tab
He or she can make a query like 
<pre><code>https://react-my-burger-21f7b.firebaseio.com/orders.json?auth=&lt;TOKEN&gt;
</code></pre>with this, he can see everyone&#39;s orders and even can manipulate this data.

I'm planning to create a web application. 
For authentication, I want to use JWT token.

I have read everyone that is safe, but I don't understand why.

Let's say the user login and the server sends back the token. 
The user wants to see his/ her orders (its a webshop), so the frontend sends a query like 

```
https://react-my-burger-21f7b.firebaseio.com/orders.json?auth=<TOKEN>&orderBy="userId"&equalTo=<USER_ID>
``` 

As the user can see the token in the console network tab
He or she can make a query like 


```
https://react-my-burger-21f7b.firebaseio.com/orders.json?auth=<TOKEN>
```
with this, he can see everyone's orders and even can manipulate this data.

Why JWT token?

Product

Explore

Company

Blogs

Support