ORDS REST services that return specific user related data need more authentication than just a client_id and client_secret. It must be ensured that a user only has access to his own data, and not the data of any other user. So in the REST service call we must determine the identity of the calling user, in a secure way. A good means to do this is by making use of JSON Web Tokens (JWT). In this session we will explain how JSON Web Tokens are put together, and how we can take advantage of the JWT features in the latest versions of ORDS. Also the use of JWT in APEX is discussed.