- Client has to sign message(the message will be user bear token) with private key
- Client adds signed message and public key to request header.
- Server get public key by verifying the signed message
- Server check retrieved public key is matched the public key that added in request header
- Server use this public key as a user ID