The Drupal API Authentication module works by sending a JWT token along with your API requests for authentication. This module uses JSON Web Token (JWT), an open standard for securely representing user identity during two-party interactions.
In this step, essentially, a username and password of your Drupal site are used to first get a JWT token. Once the username and password are verified, the Drupal REST API Authentication module will create a signed JSON Web Token. Then, the API will return that token back to the client application.
