Api authentication flow - JU-DEV-Bootcamps/ERAS GitHub Wiki
JWT, which stands for JSON Web Token, is a compact, stateless mechanism for API authentication. When a user logs into an application, the API server creates a digitally signed and encrypted JWT that includes the user's identity. The client then includes the JWT in every subsequent request, and the server deserializes and validates it. Session data is therefore not stored on the server side, which improves scalability.
In addition, these tokens usually have an expiry date; once a token has expired the user would need to log in again to receive a new one, but there is an alternative flow.
When the client logs in to the API, it receives an auth token and a refresh token. When the auth token expires, it can be renewed with the refresh token; this way the user does not need to log in to the API again each time, as long as the refresh token has not expired.
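To make the two-token flow concrete, the following is an added example and not code from the ERAS project: it issues an auth (access) token and a refresh token at login, validates signature, token type and expiry on every request, and renews the access token from a still-valid refresh token. It assumes HS256 with a shared server secret and a `typ` claim to tell the two token kinds apart; it only signs tokens, so an encrypted JWT (JWE) would be an additional layer on top of this.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

# Constructed demo secret: a real service loads it from configuration, never from source.
SECRET = b"demo-secret-not-for-production"
ACCESS_TTL = 15 * 60            # auth (access) token lifetime in seconds
REFRESH_TTL = 7 * 24 * 3600     # refresh token lifetime in seconds

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: bytes) -> str:
    # HS256: HMAC-SHA256 over "header.payload" with the server secret
    return _b64url(hmac.new(SECRET, signing_input, hashlib.sha256).digest())

def make_token(sub: str, typ: str, ttl: int, now: int) -> str:
    """Build a signed JWT (header.payload.signature); "typ" tells the two tokens apart."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": sub, "typ": typ, "iat": now, "exp": now + ttl}).encode())
    return f"{header}.{payload}.{_sign(f'{header}.{payload}'.encode())}"

def login(user_id: str, now: Optional[int] = None) -> dict:
    """Login step: the client receives both an auth token and a refresh token."""
    now = int(time.time()) if now is None else now
    return {"access_token": make_token(user_id, "access", ACCESS_TTL, now),
            "refresh_token": make_token(user_id, "refresh", REFRESH_TTL, now)}

def verify(token: str, expected_typ: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims only if the signature is valid, the type matches and "exp" is in the future."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None
    # Always recompute HS256 and compare in constant time; the header's "alg" is never trusted.
    if not hmac.compare_digest(_sign(f"{header}.{payload}".encode()), sig):
        return None
    claims = json.loads(_unb64url(payload))
    if claims.get("typ") != expected_typ or claims.get("exp", 0) <= now:
        return None
    return claims

def refresh(refresh_token: str, now: Optional[int] = None) -> Optional[str]:
    """Alternative flow: a still-valid refresh token yields a new auth token without a new login."""
    now = int(time.time()) if now is None else now
    claims = verify(refresh_token, "refresh", now)
    return None if claims is None else make_token(claims["sub"], "access", ACCESS_TTL, now)
```

Passing `now` explicitly keeps the expiry checks deterministic; the `typ` check is what stops a refresh token from being replayed as an access token.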