I have a Blazor WASM standalone application that consumes a Web API authenticated via a JWT token. Since the nature of web assembly, the token, API endpoints, query strings and payloads are exposed to the client. I want to protect the server side Web API against parameters changes on calls (e.g. if the user copy the token to Postman and makes request changing query strings or payload).
I know this can be done manually validating every request parameters with service principals stored in the token, but I want to know if there is a correct or builtin way to achieve this.
Thanks in advance to everybody