We have implemented a RESTful API that serves the information to be displayed into our Aurelia web app. This API doesn't have any security mechanism, so if any malicious users get the endpoint URL, they can run malicious scripts against our application and ruin our application. For that reason, we should reject any management operations performed by unauthorized users.

Our app should implement a mechanism to manage user's access and privileges. There are many ways to implement authentication and authorization. For our application, we will be using an open standard in the industry called JSON Web Token (JWT).