Restrict access to API rest

I am creating a rest API that will be consumed by multiple applications, but I don’t want to leave access “open” ie I want to limit which applications can access the API, but I don’t want the user to have to manually login to the API.
I am quite confused, I already have documentation about authentication but I did not understand which method I should use.

You can go with a token-based authentication. approach, and hence in some way you provide your clients the token, and for each request to your api they’ve to send this token either in body/headers of the request. usually Authorization header is used.

For Yii2 you can use HttpBearerAuth more details can be found here.

1 Like

what do you think about using x-api-key instead of bearer?

yes you can. authenticator behavior in Yii can be customized to any kind of authentication mechanism.