Posts

Showing posts from August, 2022
JWT Token: For authentication over REST APIs, we commonly use JWT to secure our data. SSL creates a protected layer that encrypts the website, so that only verified users can log in through the website. Although this is secure, there is still a chance that a user can decode the JWT token and use the data from the REST APIs. To avoid that, we can create an algorithm to decode the JWT token with AES encryption. The private key is dynamic, which makes it harder for an attacker or user to decode the secured token. These three steps create an extra layer of protection for the JWT token:

1) The private key is dynamic.
2) Requests to the REST APIs are only accepted through the website URL (https://abc.com).
3) The backend verifies and generates a new private key for every request.
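
The idea described above, as an added example that is not code from the original post: the claims of a signed JWT can be read by anyone holding the token, and wrapping the token in AES under a fresh key per request hides them. The AES-256-GCM mode, the function names, and the sample claims and secret are assumptions; how the per-request key is exchanged with the client is not described in the post and is not shown.

```javascript
// Added example: names, sample claims and the AES-256-GCM choice are assumptions.
const crypto = require("node:crypto");

const b64u = (buf) => Buffer.from(buf).toString("base64url");

// Build an HS256-signed JWT from constructed sample claims.
function signJwt(claims, secret) {
  const head = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify(claims));
  const sig = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest("base64url");
  return `${head}.${body}.${sig}`;
}

// Anyone holding the bare token can read its claims: no key is involved.
function readPayload(jwt) {
  return JSON.parse(Buffer.from(jwt.split(".")[1], "base64url").toString("utf8"));
}

// Wrap the token with AES-256-GCM under a fresh random key for this request.
function sealToken(jwt) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(jwt, "utf8"), cipher.final()]);
  // Layout of the sealed blob: 12-byte IV | 16-byte auth tag | ciphertext
  return { key, sealed: b64u(Buffer.concat([iv, cipher.getAuthTag(), ct])) };
}

// Returns the JWT, or null when the key is wrong or the blob was altered.
function openToken(sealed, key) {
  const raw = Buffer.from(sealed, "base64url");
  if (raw.length < 28) return null;
  try {
    const d = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString("utf8");
  } catch {
    return null;
  }
}

const jwt = signJwt({ sub: "user-42", role: "admin" }, "constructed-signing-secret");
const { key, sealed } = sealToken(jwt);
console.log(readPayload(jwt));                          // claims readable from the bare JWT
console.log(openToken(sealed, key) === jwt);            // the request's key recovers the token
console.log(openToken(sealed, crypto.randomBytes(32))); // any other key is rejected
```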