Also @ignasi35, wouldn’t this approach makes testing bit more complex?
i.e. I write system integration tests using Python, which makes a call to the end-points to make sure it returns something. And to do this with the “header” approach that you mentioned, the integration tests will have to first authenticate itself and make sure to attach that token to every calls it makes to the services.
Same goes for when I do ad-hoc testing of the end-points using the Postman.
Lastly, is this approach that you suggested considered a JWT approach?
Thanks,