I am busy developing a website that interacts with a mobile app via API’s. My developer on the mobile side suggest that I use token authorization for extra security.
I am intermediate when it comes to building web applications and php and want to know if this is necessary. Can a hacker run php scripts and inject ‘test’ login id’s against passwords to gain access?