Authentication is the mechanism of associating an incoming request with a set of identifying credentials, such as the user the request came from, or the token that it was signed with . The permission and throttling policies can then use those credentials to determine if the request should be permitted.