As depicted in the following flow diagram, the first user gets a token and then invokes the /identity APIs. The filter intercepts the request, takes the token passed in the request header, and validates it against the /authorize/jwt/verify-token API. If the token is valid and has not expired, it passes the control to the controller. Based on the request URI and the request method, the request is mapped to create, update, get, or delete functions defined in the Controller, and the Client request will be fulfilled by the Server: