I am creating a REST API that will be consumed by multiple applications, but I don’t want to leave access “open”, i.e. I want to limit which applications can access the API, but I don’t want the user to have to manually log in to the API.
I am quite confused. I already have documentation about authentication, but I did not understand which method I should use.
You can go with a token-based authentication approach: in some way you provide your clients the token, and for each request to your API they have to send this token in either the body or the headers of the request. Usually the Authorization header is used.
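A server-side sketch of the per-application token check described in the answer above, as an added example that is not part of the original post. It assumes the `Bearer` scheme in the Authorization header and an in-memory registry; the function names (`issue_token`, `revoke_token`, `authenticate`) are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Mapping, Optional

# Hypothetical in-memory registry: application name -> SHA-256 of its token.
# A real service would keep this in a database or secrets store.
_TOKEN_HASHES = {}

def _digest(token: str) -> str:
    # Tokens are long random values, so a plain SHA-256 is enough to keep
    # the stored form useless to anyone who reads the registry.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

def issue_token(app_name: str) -> str:
    """Create a random token for one client application; store only its hash."""
    token = secrets.token_urlsafe(32)
    _TOKEN_HASHES[app_name] = _digest(token)
    return token  # handed to that application once, over a secure channel

def revoke_token(app_name: str) -> None:
    """Cut off one application without affecting the others."""
    _TOKEN_HASHES.pop(app_name, None)

def authenticate(headers: Mapping[str, str]) -> Optional[str]:
    """Return the calling application's name, or None (respond with 401)."""
    # HTTP header names are case-insensitive.
    value = next((v for k, v in headers.items()
                  if k.lower() == "authorization"), "")
    scheme, _, token = value.partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:  # assumed scheme: Bearer
        return None
    presented = _digest(token)
    matched = None
    for app_name, stored in _TOKEN_HASHES.items():
        # Constant-time comparison; no early exit on a match.
        if hmac.compare_digest(presented, stored):
            matched = app_name
    return matched

if __name__ == "__main__":
    t = issue_token("billing-app")  # constructed sample application name
    print(authenticate({"Authorization": "Bearer " + t}))  # billing-app
    print(authenticate({"Authorization": "Bearer wrong"}))  # None
```

Giving each application its own token lets the API identify the caller and revoke a single application's access; the token must only travel over TLS.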