To make some requests to the API, you need to be logged in to the site. However, I had no idea how to do this, as I knew that an API has no sessions. So I did a search, found access tokens (API tokens) and implemented them in my application. Basically, at the end of the login, a token was generated and saved in the DB, and later, when a request was made to the API, what was sent in the parameters was compared with what was in the database for verification. A friend warned me that this was a hack, and I also realized that some companies do not use this method.
What would be the most correct method to solve this problem? Would using JWT be a good option?
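
The scheme described in the question (a token generated at login, saved in the database and checked on each request), as an added example that is not part of the original post. The table name, the one-hour lifetime, the logout function and storing only a SHA-256 digest of the token are assumptions of this example.

```python
import hashlib
import secrets
import sqlite3
import time

TOKEN_TTL = 3600  # seconds; assumed lifetime for this example


def open_store():
    """In-memory table standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE api_tokens ("
        "digest TEXT PRIMARY KEY, user_id INTEGER NOT NULL, expires_at REAL NOT NULL)"
    )
    return conn


def _digest(token):
    # Only the SHA-256 of the token is stored, so a leaked table
    # does not hand out usable tokens.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(conn, user_id, now=None):
    """Called at the end of a successful login; returns the token for the client."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    conn.execute(
        "INSERT INTO api_tokens VALUES (?, ?, ?)",
        (_digest(token), user_id, now + TOKEN_TTL),
    )
    return token


def verify_token(conn, token, now=None):
    """Called on each API request; returns the user id, or None if rejected."""
    now = time.time() if now is None else now
    row = conn.execute(
        "SELECT user_id, expires_at FROM api_tokens WHERE digest = ?",
        (_digest(token or ""),),
    ).fetchone()
    if row is None or row[1] <= now:
        return None  # unknown, revoked or expired token
    return row[0]


def revoke_token(conn, token):
    """Logout: delete the row so the token stops working immediately."""
    conn.execute("DELETE FROM api_tokens WHERE digest = ?", (_digest(token),))
```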