TODO:

• http utility:
  
  1. add parameters to the ProcessHeaders to enable/disable token/role-access-rights checks
  2. check for Content-Type header, if clients expects something other than JSON respond with appropriate HTTP code