Company:
Date Published:
Author: Jerome Guillaume
Word count: 1183
Language: English
Hacker News points: None

Summary

JSON Web Tokens (JWT) are an open standard for securely transferring information between parties; each token is digitally signed, either with a shared secret or with a public/private key pair, so that its integrity can be verified. The primary benefits of JWTs are authentication, authorization, and secure information exchange in a compact format. A JWT comprises a header, a payload, and a signature, where the signature is produced by encoding the header and payload and then signing the result.

Within Kong Gateway, a custom plugin called x-custom-jwt is proposed to convert legacy API Key or Basic Authentication credentials into JWTs, giving secure access to backend APIs. The plugin also supports token exchange, for example in a Backend for Frontend (BFF) architecture, so that a token issued for one hop is not reused further down the call chain. The x-custom-jwt plugin builds a custom JWT from the properties of the incoming authentication, signs it with a private key converted to PEM format, and adds it to an HTTP request header. The plugin does not authenticate by itself: it must be combined with Kong's security plugins, which establish that the incoming credentials are valid before the JWT is minted.

Deployment involves updating both the Control Plane and the Data Planes in Konnect, Kong's hybrid architecture, including uploading the plugin schema and configuring the Data Planes. Testing the plugin requires setting up routes and services in Konnect and inspecting the resulting JWTs with jwt.io. Although this mechanism does not replace OAuth 2 capabilities, it can be adapted to other use cases and security plugins, and the author suggests adding practices such as key rotation for stronger security.