I am working on an API that our customers will use to access company data. Our API is basically ready, and now we are looking at how to provide connectivity. The obvious choice is OAuth (2?), but in our case, access to the API does not depend on the user, but rather on the company.
For example, we will have a mobile application that will connect to the API, and everyone who wants to install the application must have access to the API without requiring additional authentication secrets / OAuth.
A high-level idea is to hard-code specific client applications with a shared key so that they can only access the correct data, which would not be OAuth, but some user solutions ... but at some point it is possible that we will also make individual permissions where OAuth will be more appropriate, so something based on standards and future-friendly is a desirable solution.
Any pointers? Just trying to fill in the blanks with the best angle to move forward. Looking through, it looks like it's like the server-to-server model that Apigee recommends against using OAuth for.