What type of authentication/identification is needed?
The specs:
- Mobile apps
- LLM wrapper (of e.g. OpenAI API)
- The chat history will be stored on the client
- Backend is needed to manage the API key and to track token consumption / payment (how many tokens does the user/device have left?)

Because we need to track the token consumption, we need some sort of identifier:
- Device UUID (generated in the client): easy, but seems unsafe
- User account (e.g. authentication with JWT token)
- Others (?)

I have been working on the JWT authentication and I'm mostly done, so "more work" would not be a contra anymore. I just took a step back and wondered if it's not overkill for this situation. If it increases the security of the tokens/payments tracking, it seems worth it. Any suggestions?
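
An added example, not part of the original post: a sketch of the backend accounting the question describes, where the quota is keyed on the `sub` claim of a verified HS256 JWT, so a bare client-generated string such as a device UUID is not accepted as an identity. The secret, the claim layout, the in-memory `balances` store and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"   # assumption: HS256 key held only by the backend
balances = {"user-123": 1000}          # constructed sample: LLM tokens left per account

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def issue(sub, ttl=3600, now=None):
    """Mint an HS256 JWT for an account that has just logged in."""
    now = int(time.time()) if now is None else now
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": sub, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def verified_subject(token, now=None):
    """Return `sub` only if the algorithm, signature and expiry all check out."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head))["alg"] != "HS256":   # refuse "none" or swapped algorithms
            return None
        want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, b64d(sig)):   # constant-time comparison
            return None
        claims = json.loads(b64d(body))
        if claims["exp"] <= now:
            return None
        return claims["sub"]
    except (KeyError, ValueError, TypeError, AttributeError):
        return None                                     # malformed input is never an identity

def charge(token, used_tokens, now=None):
    """Debit usage against the account named by the verified token."""
    sub = verified_subject(token, now)
    if sub is None or sub not in balances:
        return "unauthenticated"
    if used_tokens <= 0 or balances[sub] < used_tokens:
        return "insufficient"
    balances[sub] -= used_tokens
    return "ok"
```

The balance lives on the server and is only debited after verification, so the client never asserts its own identity or remaining quota.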