A simplified explanation.
Authentication: logging in.
Authorization: getting access to information from the database.
If you create sessions for the users of your application, then when a user logs in to the server, a session is initiated and the server sends the session id to the client in a cookie.
On subsequent requests, the server reads this session id from the cookie, looks it up in some internal store (usually a key-value store, where the key is the session id and the value is, for example, the user's email), then accesses the database, retrieves the data for that user (identified in the previous step) and returns it in the response.
Such a system is called stateful (because we have to store information about authenticated users on the server). This does not fit the RESTful API concept, which implies that the server must be stateless (not store information about authenticated users). A JSON Web Token helps achieve this, since it carries all the information needed to authorize the user. This lets you write a RESTful (stateless) API.
What to read: session-based authentication, token-based authentication.
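Both mechanisms from the answer above, side by side, as an added example (it is not part of the original answer). The stateful half uses an in-memory dict as the session store; the stateless half issues and verifies an HS256 JSON Web Token with a single shared secret. `SESSION_STORE`, `SECRET` and the function names are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# ---- Stateful: session-based authentication -------------------------------
# The server keeps a key-value store mapping session id -> user identity.
# Assumption: an in-memory dict stands in for Redis or a sessions table.
SESSION_STORE = {}


def session_login(email):
    """Create a server-side session; the returned id goes into a cookie."""
    sid = secrets.token_urlsafe(32)  # 256 bits of entropy, unguessable
    SESSION_STORE[sid] = {"email": email, "created": int(time.time())}
    return sid


def session_lookup(sid):
    """Resolve a cookie value to a user. Requires the server-side store."""
    return SESSION_STORE.get(sid)


def session_logout(sid):
    """Stateful revocation: delete the entry and the id is dead instantly."""
    SESSION_STORE.pop(sid, None)


# ---- Stateless: JSON Web Token (HS256) ------------------------------------
# Assumption: one shared HMAC-SHA256 secret known only to the server.
SECRET = b"example-only-secret-replace-me"


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwt_issue(email, ttl=3600, now=None):
    """Issue header.payload.signature; the payload itself carries the identity."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": email, "iat": now, "exp": now + ttl}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(SECRET, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def jwt_verify(token, now=None):
    """Return the payload if the token is authentic and unexpired, else None.

    No server-side lookup happens here: everything needed to authorize the
    request is inside the token, which is what makes the API stateless.
    """
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        # Pin the algorithm: never let the token choose how it is verified.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None  # tampered header/payload or wrong key
        payload = json.loads(_b64url_decode(p))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None
    if not isinstance(payload, dict) or payload.get("exp", 0) <= now:
        return None  # expired: the only "revocation" a stateless token has
    return payload


if __name__ == "__main__":
    sid = session_login("alice@example.com")
    print("session:", session_lookup(sid))
    token = jwt_issue("alice@example.com", ttl=60)
    print("jwt:", jwt_verify(token))
```

Two practical caveats the answer's summary glosses over: the JWT is signed, not encrypted, so anyone holding it can read the claims (put only what the server needs to authorize in the payload); and because there is no server-side store, a token cannot be revoked before `exp` without reintroducing state (a deny-list), so keep lifetimes short.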