Securiy - starting point

1. Security should be an integral part of your development process
2. Use standard secure solutions
3. At the same time - don’t trust services
4. Read about best security practices and implement them in your code

"I am not sure how to do it securely"

Most likely, your concern has already been thought about many times and by many developers. OWASP foundation has summarized best practices in their Development Guide (opens in a new tab) in form of checklists about different topics, so you can download and use it when implementing a new feature.

There is also a web version of OWASP cheatsheet that has recommendations about any topic (authentication, CSP, GraphQL security, input validation, key mgmt, etc) when you need it in your work: https://cheatsheetseries.owasp.org/index.html (opens in a new tab)

Tips for front-end developers

Read about best practices for front-end with examples here.