# Protected Resources

To maximize the security of protected resources, all resources in the Gifthub API are separated into two main categories based on their relation to each part of the system:

* **Strict:** Includes all resources that change or show your financial state, such as
  * Order creation and retrieval
  * Customer information
* **Relaxed:** Includes general services available to all customers, such as
  * Product List
  * Single product retrieval

You can access all relaxed resources with any JWT you generate using the `/aut/jwt` API, as long as it has not expired. To access the strict resources you **must** use the latest JWT generated via the authentication API. Otherwise you'll get a `403 Unauthorized` error.
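The two-tier rule above can be modeled server-side as shown here. This is an added example, not Gifthub's own code: it assumes the service records the `jti` of the newest token per customer, and the secret, the function names and the `401` status for expired or invalid tokens are assumptions.

```python
import base64, hashlib, hmac, json, time, uuid

SECRET = b"constructed-demo-key"   # constructed value, not a real Gifthub secret
latest_jti = {}                    # customer id -> jti of the newest token issued

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_jwt(customer, ttl=300, now=None):
    """Issue an HS256 JWT and record it as the customer's latest token."""
    now = time.time() if now is None else now
    claims = {"sub": customer, "exp": now + ttl, "jti": uuid.uuid4().hex}
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    latest_jti[customer] = claims["jti"]   # any earlier token is now superseded
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def check(token, strict=False, now=None):
    """Return the HTTP status a relaxed or strict resource would answer with."""
    now = time.time() if now is None else now
    try:
        header, body, sig = token.split(".")
        expected = _sign(header + "." + body)
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return 401                     # bad signature (assumed status)
        claims = json.loads(_unb64(body))
    except ValueError:
        return 401                         # malformed token (assumed status)
    if claims["exp"] <= now:
        return 401                         # expired: rejected by both tiers
    if strict and latest_jti.get(claims["sub"]) != claims["jti"]:
        return 403                         # unexpired, but not the latest token
    return 200
```

Under this model, generating a new token immediately revokes strict access for every older token while leaving relaxed access intact until expiry, so a client that caches tokens in several places will see `403` on strict resources from all but the most recent one.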

### Testing access

#### Relaxed Resources

`GET : /auth/status`

**Response**

```
{
    "message": "No Message",
    "data": {
        "message": "🔓 You are in!"
    }
}
```

#### Strict Resources

`GET : /auth/strict-status`

**Response**

```
{
    "message": "No Message",
    "data": {
        "message": "🔓🔓 You are so in!"
    }
}
```
