Webs is a library not a framework, it provides you tools to build an application rather than decide on how it should be structured.
This means you need a private key in your service. An easy way to handle this is o generate one randomly with Webs_authenticatable.Private_key.random_hs256 when you start your service. Note however that this invalidates any data currently stored on your clients whenever you restart your service – that may be okay, or not, save it and load it from a 0o600 protected file if it's not. Also if you use a single service key you cannot invalidate the data of your clients on a per-user basis.