To make certain requests to the API, you must be logged in to the site. However, I had no idea how to do this, because I knew that an API does not have sessions. So I did a search, found access tokens (API tokens), and implemented them in my application. Basically, at the end of the login a token was generated and saved in the DB, and later, when a request was made to the API, what was sent in the parameters was compared with what was in the database for verification. A friend warned me that it was a hack and also realized that some companies do not use this method.
What would be the most correct method to solve this problem? Would using JWT be a good one?