Add path for v2: due to the design of the current architecture, jwt tokens are strictly needed and there was no impact on leaving this path out. Suppling no jwt to the request ended in an validation error in the controller. adding a jwt token via authorzation header automatically invoked the authorization chain and required the jwt tokens to be properly signed.