Of course you can do all that with a basic bearer token. It’s just a signed json object with an expiration