Advantages: This doesn't require an extra port (4243) to be open on the Qlik Sense side, it also doesn't require TLS mutual authentication (client certificate authentication)

Drawback: Customer needs to set up an extra virtual proxy for JWT authentication

When setting up this type of authentication in QDC, the customer will provide the private key of the certificate put inside the virtual proxy settings.

QDC will need some kind of code to generate a JWT token (libraries for different programming languages available that will be sent in the "Authorization" header to initiate the session, once Qlik Sense receives the token, it will create a session for the user (same way as with ticket authentication), from this point QDC should re-use the session cookie to maintain the same session at the time it does the API calls

Please note that there is a 5 sessions limit in a 5 minute interval on Qlik Sense license that are not core-based (QAP and core-based QAP) (which also applies to ticket authentication), I am not familiar if QDC has a mechanism to workaround this in case it needs to do different API calls in shorter sessions.