Enterprise Solutions

JSON Web Token Details


API services should authenticate every call by validating the token, which supports scalability.

To further reduce reliance on sessions, internal services (beyond the initial validating service) can use shared keys or other high-performing microservice authorization practices, which reduces token validation activity on internal microservice communication hops.

Services are also required to inspect the JWT for the components related to both authentication (identification) and authorization. For product tokens, the JWT contains the values Consumer Name (ConsumerName) and Consumer Product (ConsumerProduct). Moving this data into the JWT ensures the information cannot be tampered with.
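The per-call check described above, as an added example that is not part of the original page or the platform's own code: it verifies the token signature before reading ConsumerName and ConsumerProduct. It assumes an HS256 (shared-secret) signature, which the page does not specify; the function names, the key and the claim values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

class TokenError(Exception):
    """Raised when a token fails validation."""

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_token(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 sample token (helper for the demo only)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def validate_product_token(token: str, key: bytes) -> tuple[str, str]:
    """Verify the signature, then return (ConsumerName, ConsumerProduct)."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise TokenError("malformed token") from exc
    # Pin the algorithm (assumed HS256); never let the token choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenError("unexpected algorithm")
    signed = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise TokenError("signature mismatch")
    # Claims are read only after the signature check has passed.
    try:
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError as exc:
        raise TokenError("malformed payload") from exc
    if not isinstance(claims, dict):
        raise TokenError("malformed payload")
    name, product = claims.get("ConsumerName"), claims.get("ConsumerProduct")
    if not (isinstance(name, str) and name and isinstance(product, str) and product):
        raise TokenError("missing ConsumerName or ConsumerProduct")
    return name, product
```

The tamper-resistance of the two claims holds only when the signature is checked before the claims are used, as done here. Expiry and issuer checks are left out because the page does not describe those claims.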


Last updated Thu Jul 14 2022