[Data Residency] Migration endpoints token validation

Regarding the context JWT, this may be helpful. Essentially a context JWT will be used for client-to-server communication. For server-to-server requests, a regular JWT is used. This will contain a qsh claim (query string hash), which prevents URL tampering. Lifecycle events, including migration hooks, will use the standard JWT.

Endpoints should automatically authenticate incoming JWT requests. Then you can use the @AuthenticationPrincipal AtlassianHostUser to get access to request details like clientKey, productType etc.

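@PostMapping(value = "/migration/schedule")
public String schedule(@AuthenticationPrincipal AtlassianHostUser hostUser) {
  // clientKey identifies the host whose JWT authenticated this request
  String clientKey = hostUser.getHost().getClientKey();
  return "scheduled"; // placeholder response; the original snippet ends before this point
}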

Hope this helps
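As an added illustration (not part of the original post and not the framework's own code), the sketch below shows how a receiver can recompute the qsh for a request and compare it with the claim, following the canonical-request scheme in Atlassian's Connect JWT documentation. The `QshCheck` class, the `example` query parameter and its values are constructed for this example, and the path is assumed to be already relative to the app base URL with no trailing slash.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.stream.Collectors;

public class QshCheck {
    // URLEncoder does form encoding; patch the differences from RFC 3986 percent-encoding.
    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8)
                .replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    // Sort by encoded key, sort and comma-join repeated values, and leave out the jwt parameter.
    static String canonicalQuery(Map<String, List<String>> params) {
        TreeMap<String, String> sorted = new TreeMap<>();
        params.forEach((k, vs) -> {
            if (!k.equals("jwt")) {
                sorted.put(enc(k), vs.stream().map(QshCheck::enc).sorted()
                        .collect(Collectors.joining(",")));
            }
        });
        return sorted.entrySet().stream().map(e -> e.getKey() + "=" + e.getValue())
                .collect(Collectors.joining("&"));
    }

    // qsh = hex(SHA-256("METHOD&path&canonical-query"))
    static String qsh(String method, String path, Map<String, List<String>> params) throws Exception {
        String canonical = method.toUpperCase() + "&" + (path.isEmpty() ? "/" : path)
                + "&" + canonicalQuery(params);
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(canonical.getBytes(StandardCharsets.UTF_8));
        return HexFormat.of().formatHex(digest); // HexFormat needs Java 17+
    }

    // Constant-time comparison of the qsh claim against the value recomputed from the request.
    static boolean matches(String claim, String method, String path,
                           Map<String, List<String>> params) throws Exception {
        return MessageDigest.isEqual(claim.getBytes(StandardCharsets.UTF_8),
                qsh(method, path, params).getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the sender signs a JWT whose qsh covers this exact request.
        String claim = qsh("POST", "/migration/schedule", Map.of("example", List.of("a")));
        System.out.println("as signed:    " + matches(claim, "POST", "/migration/schedule",
                Map.of("example", List.of("a"))));
        // The same token replayed with an altered query string no longer matches.
        System.out.println("altered URL:  " + matches(claim, "POST", "/migration/schedule",
                Map.of("example", List.of("b"))));
    }
}
```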