As an organization, we need a layer of authentication over our API endpoints so that users can only perform actions they are allowed to perform.

• There is an endpoint that allows users to log in
• There is a mechanism that requires users to be logged in to hit certain endpoints