I'm using a system that uses the JWT token pass for authentication, the problem is that I can easily collect the headers of the API calls and pick up my token to be able to request what I want and pick up the data of any user. I believe that programmers are only blocking the route based on this code:
Route::group(['middleware' => 'jwt.auth'], function()
I'd like to know something to address this problem (a second authentication or blocking method so that users who have token can not collect information from other users and inform the programmers because I'm afraid of having my data collected by some other user with second thoughts.