TODO:

• http utility:
  
• add parameters to the ProcessHeaders to enable/disable token/role-access-rights checks
• check for Content-Type header, if clients expects something other than JSON respond with appropriate HTTP code