Hey, just a quick technical question: is there any sort of built-in functionality for the use of API keys in order to give auth for our API to other companies? Or do they need to use the standard login/verification routes?
rp_st
04/06/2023, 5:09 PM
You can use our microservice auth guide for this: https://supertokens.com/docs/microservice_auth/introduction
Essentially, you want to use our JWT recipe to issue JWTs to the third-party clients and verify those (as mentioned in the guide link above) in your APIs.
If you are sharing the same API for frontend calls and third-party client calls, then you can make your own custom verification middleware (see https://supertokens.com/docs/session/common-customizations/sessions/session-verification-in-api/get-session#getsession-vs-verifysession for example) which first does optional session verification via our getSession function, and if that doesn't return a session, then you can assume it's an API call from the third-party client and attempt a regular JWT verification. If that fails too, send back a 401 to the frontend.