sign is not saved, is dynamic, and is encrypted based on submitted parameters. It is mainly used to prevent man-in-the-middle attacks or data integrity

1. The algorithm of sign is publicized by the server. The parameters inside are known by the client. The client calculates the sign by itself every time it requests.
2. There is no need to save the sign every time it is calculated. The context you gave for the token is not enough. Explain what it is. It may be the following two things

1. Commonly known as "secret" is a private string issued by the server to the client. The client needs to protect this string from leaking and use this string to participate in signatures each time to verify the client's legal identity. The client is usually placed in the configuration, and the server usually has a database to maintain the secret values ​​of different clients

2. Commonly known as "access token", a string similar to session id obtained by the client through the login interface request, representing the login status

In order to prevent attackers from tampering/forging requests, the elements of sign generally contain at least one element that is difficult for attackers to obtain. The most common one is the secret agreed upon by both parties

In order to prevent replay-attack, it is best to include unique request sequence number/millisecond time and other types of elements in the data packet, and perform deduplication processing on the server side

3. This is about the processing method after the server receives the request. It uses the sign algorithm to calculate the sign value through various parameters in the received request, and compares it with the sign value submitted by the client to check the client. Whether the calculation is correct.

Suggestion: If you have read too much in the title book and done too little, go and connect with several actual API interfaces, especially OAuth, and you will basically understand these things

Public means disclosing it to your own people. If you want to worry about this, there is nothing safe in my world. I can’t handle it either