Login
client calls login for the creds it has and gets an auth token. The auth token is then sent on each method call
db schema for security:
users
------
username | password | salt | token (default null) | token_expiration_ts (default 0)
Each time the service sees a token, it checks to see if exists in the db and is not expired and matches the username