If your organisation is managing the API, you will need to manage the authorisation server.


Use application-level authorisation if you want to control which applications can access your API, but not which specific end users. This is suitable if you want to use rate limiting, auditing, or billing functionality. Application-level authorisation is usually not suitable for APIs holding personal or sensitive data unless you really trust your consumers, for example, another government department.

We recommend using OAuth 2.0, the open authorisation framework (specifically the Client Credentials grant type). This gives each registered application an OAuth2 Bearer Token, which it can use to make API requests on its own behalf.

To provide user-level authorisation

Use user-level authorisation if you want to control which end users can access your API. This is suitable for dealing with personal or sensitive data.

For example, OAuth 2.0 is a popular authorisation framework in government, specifically using the Authorisation Code grant type.
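To make the distinction between the two models concrete, here is an added example (not code from the original page or from any particular authorisation server) of both halves of the Client Credentials flow described above: the authorisation server issuing a Bearer token bound only to a client, and the API deciding what that token may reach. The client registry, scope names and the rule that application-level tokens (no end user) are kept away from personal-data endpoints are assumptions for illustration.

```python
import hmac
import secrets
import time

# Constructed client registry: client_id -> pre-shared secret and allowed scopes (assumption).
CLIENTS = {"dept-app": {"secret": "s3cret", "scopes": {"stats:read"}}}
TOKENS = {}  # access_token -> {"client_id", "sub", "scopes", "exp"}

def client_credentials_grant(client_id, client_secret, requested_scopes, now=None):
    """Authorisation-server side of the OAuth 2.0 Client Credentials grant.
    Returns a token response dict, or an OAuth2 error dict on failure."""
    client = CLIENTS.get(client_id)
    # Constant-time comparison; unknown client and wrong secret give the same error.
    if client is None or not hmac.compare_digest(client["secret"], client_secret):
        return {"error": "invalid_client"}
    if not set(requested_scopes) <= client["scopes"]:
        return {"error": "invalid_scope"}
    token = secrets.token_urlsafe(32)
    # sub is None: the token represents the application itself, not an end user.
    TOKENS[token] = {"client_id": client_id, "sub": None,
                     "scopes": set(requested_scopes),
                     "exp": (now or time.time()) + 3600}
    return {"access_token": token, "token_type": "Bearer", "expires_in": 3600}

def authorise_request(authorization_header, required_scope, personal_data, now=None):
    """Resource-server (API) side: validate the Bearer token and return an HTTP status.
    401 = no valid token, 403 = valid token but not permitted, 200 = allowed."""
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme != "Bearer" or token not in TOKENS:
        return 401
    info = TOKENS[token]
    if info["exp"] <= (now or time.time()):
        return 401
    if required_scope not in info["scopes"]:
        return 403
    # Application-level token carries no end user, so it must not reach personal data.
    if personal_data and info["sub"] is None:
        return 403
    return 200
```

A user-level deployment (Authorisation Code grant) would issue tokens with `sub` set to the authenticated user, which is the only way the personal-data branch above lets a request through.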