The JSON Web Token (JWT) framework is based on a public/private keys. The developer provide callstats.io with the public key and use the private key to generate tokens for their users. The tokens are generated by the origin server (it require some server-side code) and these tokens are validated by callstats.io. Thus JWT mechanism it provides a higher level of security.
The mechanism is explained in more details at: https://www.callstats.io/2016/09/29/3rd-party-auth-jwt-tokens/, and code examples are available at: https://www.callstats.io/api/#third-party-authentication
In the callstats dashboard you can create an ECDSA public key as shown in the example below.