samizdam
commented
5 years ago Hm... Specification doesn't include anything about authentication or authorizations. See https://jsonapi.org/
Goal of jsonapi is make uniform of data serialization and client-server communication, your issue out of scope.
Your should implement auth logic in application by yourself. For example: send JWT with request headers and handle it with middleware before mapping.
I have not seen that there is Authentication and authorizations for CRUD operations, do you plan to implement it?