• The end user (REST client) is authenticated using the REST Auth API (Loginapp). 
• After successful authentication, IAM issues a JWT to the REST client.
• The JWT can be used on 3rd party systems that are not connected to IAM
• JWTs in requests sent to Airlock Gateway are authenticated by inspecting the JWT. This involves IAM's one-shot interface.
• The example uses username/password authentication (no second factor).