Hi,
this event supports only basic authorization.
I can suggest to use HTTPServer.OnCustomResponseEvent .
this event is designed for processing unknown requests. You can remove all dispatchers so all requests will be handled by this event.
in this event you can parse incoming request (headers & data) for JWT token and generate response (headers & data).
see more at Using OnCustomResponseEvent in a ROSDK Server snippet or related topics.
if you are looking for HTTPAPI autorization, you may look at uROHttpApiSimpleAuthenticationManager.pas - it demonstrates bearer authentication