Hi Reid,

If you read the article on the new freecodecamp website then you might not find the code (their move off of medium caused this issue), here is the link to sudo code,
https://gist.github.com/ramesh-dev/46804f9dff0ff78ee0f6fc31cb5005ca#file-api-key-sudo-code-java

And Regarding JWT, yes you can very well use it, here is how,
- you can generate public/private keypair and share it with the user and storing only the public key in your end,
- so on each request consumer can generate JWT token, sign using the private key and send it to you
- on the server end, you can verify the token using the public key and proceed.