For securing APIs, you have either API keys or 'sessions'. On the session side, you can read these blog posts https://supertokens.io/blog/all-you-need-to-know-about-user-session-security https://supertokens.io/blog/the-best-way-to-securely-manage-user-sessions