Securing JAX-RS APIs with JWT

Token-based authentication has become common in modern enterprise applications because it is stateless, cannot be modified without detection, and is secure by design. JWT is one of the most popular token-based authentication mechanisms.

A JSON Web Token (JWT) is an encoded representation of a JSON object. It is used for authentication and authorization and is standardized in RFC 7519. It is a compact JSON model for stateless authentication and for conveying verifiable claims across web interactions. In a JWT, the claims are encoded as a JSON object in the payload part of the token, which is digitally signed so that it can be trusted between two parties, for example a client and a server.

Once the user has authenticated against the server, the server issues a digitally signed JWT that can be trusted and that carries sufficient information about the user.

A service can accept this token in a request as a continuation of the original authentication interaction, and this time it does not need to consult an LDAP directory or a database to authenticate the caller. In other words, once the user is authenticated, subsequent requests need not carry the client credentials; the client simply passes the token it obtained, and the server validates the token and grants access to resources based on the result of that validation.

The JWT can be passed either in a request header or as a request parameter, since it is in an encoded format.
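A JAX-RS request filter that performs the token validation described above, as an added example that is not code from the original book. The class name, the hard-coded placeholder secret, the choice of HS256 and the `jwt.subject` property name are assumptions; the code uses only the JAX-RS, JSON-P and JDK APIs.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.annotation.Priority;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.json.Json;
import javax.json.JsonObject;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

// Hypothetical filter: verifies an HS256 JWT sent as "Authorization: Bearer <token>".
@Provider
@Priority(Priorities.AUTHENTICATION)
public class JwtAuthFilter implements ContainerRequestFilter {
    // Placeholder secret: load it from configuration in a real deployment, never hard-code it.
    private static final byte[] SECRET = "replace-with-a-long-random-secret".getBytes(StandardCharsets.UTF_8);

    @Override
    public void filter(ContainerRequestContext ctx) {
        String auth = ctx.getHeaderString(HttpHeaders.AUTHORIZATION);
        JsonObject claims = (auth != null && auth.startsWith("Bearer ")) ? verify(auth.substring(7)) : null;
        if (claims == null) {
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }
        ctx.setProperty("jwt.subject", claims.getString("sub", null)); // verified subject for resources
    }

    // Returns the claims when the token is well-formed, signed with SECRET and unexpired; null otherwise.
    static JsonObject verify(String token) {
        try {
            String[] parts = token.split("\\.");
            if (parts.length != 3) return null;
            // Pin the algorithm: the token must not choose it ("none" or any other alg is rejected).
            if (!"HS256".equals(decodeJson(parts[0]).getString("alg", ""))) return null;
            Mac mac = Mac.getInstance("HmacSHA256"); mac.init(new SecretKeySpec(SECRET, "HmacSHA256"));
            byte[] expected = mac.doFinal((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
            if (!MessageDigest.isEqual(expected, Base64.getUrlDecoder().decode(parts[2]))) return null; // constant-time
            JsonObject claims = decodeJson(parts[1]);
            // exp is seconds since the epoch (RFC 7519 section 4.1.4); a missing or past exp fails closed.
            if (!claims.containsKey("exp") || claims.getJsonNumber("exp").longValue() <= System.currentTimeMillis() / 1000) return null;
            return claims;
        } catch (Exception e) { return null; } // malformed base64/JSON, bad key, etc. all fail closed
    }

    private static JsonObject decodeJson(String b64url) {
        return Json.createReader(new java.io.StringReader(new String(Base64.getUrlDecoder().decode(b64url), StandardCharsets.UTF_8))).readObject();
    }
}
```

The filter reads the token only from the Authorization header; tokens carried as query parameters tend to end up in server, proxy and browser logs, so the header is the safer of the two options the text mentions.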
