Thank you for prompt reply. Can you elaborate how blacklisting works? Do you store those tokens on database? Can I save them on memory and check on any request or run cron job and writ to memory with 1hour expiration? We are expecting many requests and call to database on every request seems like not the best solution. What would be the best solution as we request to block user immediately? Thank you