as for each request a token is needed I am creating a token for each application which wants to access my content (Setting->API Access).
I am using these tokens for a React.JS App, which means I have to store the token somewhere in the app, and if someone understands how to investigate my source code (e.g. via the development tools in Chrome) this token can be taken to access my data even without “my permission”.
Is there any other way to do this as of now? Like for example an OAuth 2.0 mechanism.