As of now my whole app authenticates via a token. In each flow I then do authorisation. So for my api calls I always include a couple of ids (accountId, userId).
I did experiment with sending both a JWT and also a custom encryption method but am not using this right now (decided it was overkill). See this topic as well:
Forum
Academy
Marketplace
Showcase
Pricing
Features