As you can see, token validation is easy to implement and adds a security layer for our API when we are working with private data. You will probably ask where the best place is to save the generated access token. Some people save the access token in cookies or sessions, but I don't recommend this because there are some associated security issues. My recommendation is to use local storage to save it only while the user is connected to the site, and then remove it after the user closes the browser, but again this will depend on the type of security you want to add to your platform.