Access tokens, or bearer tokens, are crucial in token-based architecture for granting clients access to protected resources, but they pose a security risk if stolen: anyone who holds the token can use it, so a bad actor gains unauthorized access. A solution that enhances security is the use of sender-constrained tokens, which bind a token to the client's cryptographic keys so that only the rightful owner can use it. This approach, known as proof of possession, addresses the weakness by requiring the client to prove it is authorized through a cryptographic process, such as mutual TLS (mTLS). Implementations like Kong Gateway Enterprise 3.5 support certificate-bound access tokens via mTLS: the gateway checks that the thumbprint of the client certificate presented on the mTLS connection matches the certificate thumbprint bound in the token, enhancing security in environments with high requirements such as financial services, e-health, and e-government. This method aligns with the requirements of the Financial-grade API (FAPI 2.0) profile and provides a robust defense against token misuse by verifying the legitimacy of the token bearer.
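The thumbprint comparison that a resource server or gateway performs for certificate-bound tokens can be shown in a few lines. The following is an added example, not Kong's code: it computes the RFC 8705 `x5t#S256` thumbprint (base64url-encoded SHA-256 of the DER certificate) and compares it with the token's `cnf` claim. The certificate bytes and the token claims are constructed for the example, and it assumes the token's signature has already been verified separately.

```python
import base64
import hashlib
import hmac


def der_from_pem(pem: str) -> bytes:
    """Strip the PEM armour and base64-decode to the DER bytes the thumbprint covers."""
    body = "".join(
        line.strip() for line in pem.splitlines()
        if line.strip() and not line.startswith("-----")
    )
    return base64.b64decode(body)


def x5t_s256(der: bytes) -> str:
    """RFC 8705 thumbprint: base64url(SHA-256(DER)) with '=' padding removed."""
    digest = hashlib.sha256(der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def token_is_bound_to_cert(claims: dict, presented_der: bytes) -> bool:
    """True only if the token carries cnf.x5t#S256 and it matches the presented certificate.

    A token without a cnf claim is not sender-constrained, so it is rejected here:
    a gateway that enforces certificate binding must not fall back to plain bearer use.
    """
    expected = claims.get("cnf", {}).get("x5t#S256")
    if not isinstance(expected, str):
        return False
    # Constant-time comparison avoids leaking how many leading characters matched.
    return hmac.compare_digest(expected, x5t_s256(presented_der))


# Constructed stand-ins for a client certificate (real DER would be an X.509 structure;
# the thumbprint logic only hashes the bytes, so any bytes demonstrate it).
LEGIT_CERT_DER = b"constructed DER bytes of the legitimate client certificate"
STOLEN_BY_CERT_DER = b"constructed DER bytes of a different (attacker) certificate"
LEGIT_CERT_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(LEGIT_CERT_DER).decode("ascii")
    + "\n-----END CERTIFICATE-----\n"
)

# Constructed claims of a certificate-bound access token issued to the legitimate client.
BOUND_TOKEN_CLAIMS = {"sub": "client-123", "cnf": {"x5t#S256": x5t_s256(LEGIT_CERT_DER)}}
PLAIN_BEARER_CLAIMS = {"sub": "client-123"}  # no cnf: an ordinary bearer token
```

The same token presented over an mTLS connection with a different certificate fails the check, which is exactly what makes a stolen token useless on its own.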