Webs is a library not a framework, it provides you tools to build an application rather than decide on how it should be structured.
Webs' view of a web service is however not different from most web server-side frameworks and sees it as a function mapping HTTP requests to responses.
This means you need a private key in your service. An easy way to handle this is o generate one randomly with Authenticatable.random_private_key_hs256 when you start your service. Note however that this invalidates any data currently stored on your clients whenever you restart your service – that may be okay, or not, save it and load it from a 0o600 protected file if it's not. Also if you use a single service key you cannot invalidate the data of your clients on a per-user basis.