Designing a Pragmatic RESTful API

[shaydoc]

You don't need to do a database look up if you stuff some context into your token and encrypt it with a secret key.

When the server receives the request it can simply decrypt the token and deserialize it into some sort of strongly typed usercontext.