we can develop a web so all user has to send their credentials and get the token if user is valid from server side. so the validated user will send token for all subsequent call.
1) we are using ssl certificate with web api hosted then when user will send their credentials to server then how user's credential will be secure ?
2) when token will be passed from server to client then any one can steal that token. so how to secure token ?
please tell me. thanks
