yh i figured out a couple mins ago :/ it would be just another layer of security, we would be sure that the response is original from our auth api and not spoofed via proxy like Fiddler or so
nah, a desktop app and want to make our Auth API more secure, because rn some ppl are spoofing the auth request and basically bypassing a license verification