Like any other API, there some methods that should check the user authorizations to grant or forbid some features and data access. To standarize this behaviour all services must implement their checks in the way this wiki specifies.
user_token
The login method from the User Service generates tokens that can be used for authentication with all other services. These tokens have a default expiration time of 1 hour from the moment they have been generated and must be renewed (a renewal method that returns a new token to a signed-in user is coming soon). Tokens for special operations or users may have different expiration times.
Service authorization
The user_token value must be sent using the Authorization HTTP header using the following format:
...