Behind today’s APIs, it’s common to have many services processing a single request. Gone are the days when a monolithic application was exposed directly on the internet and was responsible for handling an entire API request.
To process the request, that service will often call other data sources or services, which might call even more services and so on.
With this data in hand, the service can know who is requesting what and on whose behalf the request is made.
Identity distribution helps ensure that in the complex mesh of services comprising your API, every party handles requests securely and performs informed authorization decisions.