Menu
I’m calling an external API from my React app and am unsure about the best course of action for storing the access_token, especially when I don’t control the server. Is using http-only cookies the only secure way, or are there other best practices, particularly when the token is short-lived?