I need an experienced developer to architect and implement a secure API-token system that my Chrome extension can use for data access to individual user accounts. In this first phase the token will only be consumed by the extension, but the design must be future-proof so that the same mechanism can later be integrated into a companion mobile/desktop app without major refactoring. The token’s sole purpose is to allow the extension to pull and push user-specific data after the person signs in. Because of privacy requirements, I am not adopting OAuth 2.0 or standard JWT; instead, I’ll rely on custom security protocols that we can define together. Expect to work on: • A lightweight auth endpoint that issues, refreshes, and revokes tokens • Encrypted token storage and transport logic suitable for a Chrome environment (Manifest V3) • Detailed technical documentation so my team can plug the same flow into a future app • A short security review checklist covering threat scenarios we identify during development Acceptance criteria • Tokens can be generated, refreshed, and invalidated via API calls, with response times under 200 ms on a test server. • The extension successfully authenticates, fetches, and writes sample user data using the issued token, verified through a demo. • Documentation is clear enough for another developer to reproduce the setup in under an hour. I’m ready to start as soon as you can outline your proposed approach and timeline.