Phoenix Token for API-auth, salt per user or per app?

So the Phoenix.Token docs specify that we must supply a salt whenever we sign and verify.
https://hexdocs.pm/phoenix/Phoenix.Token.html

I want to use the token as a bearer token for API authentication in order to identify the user. Is that salt specific per user (stored in the database), or is it a single secret string for everyone (app-wide)?

  • If it is per user, then I need to supply the user id in the API request in order to fetch that specific user’s salt from the database, which doesn’t make sense.
  • If it is an app-wide secret string, then wouldn’t it (the salt) be redundant, as we already have :secret_key_base in the config? If it is app-wide then it is not a salt but more like a pepper. CMIIW.

I think the intention is to use it app-wide, and it can be hard-coded. Referring to my old thread about Phoenix.Token, José said it’s semantically closer to a “namespace” than to a “salt”.

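The following is an added example, not code from this thread or from the Phoenix project, showing the app-wide "namespace" usage described in the answer above: one hard-coded salt per token purpose, a bearer-token plug that verifies it, and a check that a token minted under a different namespace or a different secret_key_base is rejected. The module names (MyAppWeb.ApiToken, MyAppWeb.Plugs.BearerAuth, MyAppWeb.Endpoint) and the secret_key_base string at the bottom are assumptions made for the demonstration; in a real app you would pass your endpoint module as the first argument.

```elixir
# Added example (not from the thread or the Phoenix docs).
# Assumptions: MyAppWeb.Endpoint, MyAppWeb.ApiToken and MyAppWeb.Plugs.BearerAuth
# are hypothetical module names; the key string at the bottom is a constructed
# stand-in for config :secret_key_base (Phoenix.Token accepts a string of at
# least 20 bytes in place of an endpoint).
defmodule MyAppWeb.ApiToken do
  # The "salt" is an app-wide namespace, one per token purpose, never per user.
  # Phoenix.Token derives the signing key from secret_key_base + salt, so two
  # purposes with different salts get different keys even under one secret.
  @api_salt "api auth"
  @reset_salt "password reset"
  @max_age 60 * 60 * 24 # seconds: API tokens are valid for 24 hours

  def generate(endpoint_or_key, user_id) do
    Phoenix.Token.sign(endpoint_or_key, @api_salt, user_id)
  end

  def verify(endpoint_or_key, token) do
    # Expiry is enforced at verify time via :max_age; the token itself only
    # carries the signed_at timestamp.
    Phoenix.Token.verify(endpoint_or_key, @api_salt, token, max_age: @max_age)
  end

  def generate_reset(endpoint_or_key, user_id) do
    Phoenix.Token.sign(endpoint_or_key, @reset_salt, user_id)
  end
end

defmodule MyAppWeb.Plugs.BearerAuth do
  import Plug.Conn

  def init(opts), do: opts

  # Reads "Authorization: Bearer <token>", verifies it under the API namespace
  # and assigns the user id; anything else is a 401 and the pipeline halts.
  def call(conn, _opts) do
    with ["Bearer " <> token] <- get_req_header(conn, "authorization"),
         {:ok, user_id} <- MyAppWeb.ApiToken.verify(MyAppWeb.Endpoint, token) do
      assign(conn, :current_user_id, user_id)
    else
      _ ->
        conn
        |> send_resp(401, "unauthorized")
        |> halt()
    end
  end
end

# Demonstration with a constructed secret_key_base string instead of an endpoint.
key = "constructed-secret-key-base-0123456789abcdef"

token = MyAppWeb.ApiToken.generate(key, 42)
{:ok, 42} = MyAppWeb.ApiToken.verify(key, token)

# A token minted under another namespace (password reset) is not an API token:
reset_token = MyAppWeb.ApiToken.generate_reset(key, 42)
{:error, :invalid} = MyAppWeb.ApiToken.verify(key, reset_token)

# A token signed under a different secret_key_base is rejected as well:
{:error, :invalid} =
  MyAppWeb.ApiToken.verify("other-constructed-secret-key-base-9876543210", token)

# Backdating signed_at by two days makes verify report expiry:
two_days_ago = System.system_time(:second) - 2 * 60 * 60 * 24
old_token = Phoenix.Token.sign(key, "api auth", 42, signed_at: two_days_ago)
{:error, :expired} = MyAppWeb.ApiToken.verify(key, old_token)
```

Two points worth keeping in mind when using this pattern: the namespace string can live in source because the secrecy comes from :secret_key_base, not from the salt, and Phoenix.Token only signs its payload, it does not encrypt it, so the user id is readable by anyone holding the token and nothing sensitive should be placed in the signed data.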

Many thanks for the answer.