If your partners will be using a web browser to qu...
# general
r
If your partners will be using a web browser to query those APIs (within some app they made), then cookies is fine. Else authorisation headers is the way to go