In practice, [pinning service] users can create their own keypair and register the DID with the [pinning service] UCAN service to get a UCAN token. The [pinning service] user is then free to create user UCAN tokens derived from their registered UCAN.
[..] these derived tokens can be used to limit end-users to upload either any data or data with a specific CID within a scoped time period. When a token is used, [pinning service] can validate it by looking at the chain of proofs used to derive a token, checking the cryptographic identity of each signer of the token.
:point_right: This is a good first issue if someone wants to open a PR – all you need it to update docs here.
Use of UCAN does not require any API changes, already existing
Authorization BearerHTTP header can be used for UCAN. We should document this in Authentication section at https://ipfs.github.io/pinning-services-api-spec/#section/AuthenticationReference / prior art: