Each client will get a unique token. Tokens for each user will be randomly generated. These tokens are unique for user and client and they may expire. It’s the client’s responsibility to always keep the token up-to-date


required headers:
  :access-token: unique token for user. may expire and must be recorder within each
  :client: identifier for the app using the token
  :expiry: timestamp (when the token expires)
  :token-type: Bearer
  :uid: user id (email)