This kind of question appears often here. I found the following discussion very informative: https://news.ycombinator.com/item?id=16157002
(as you can see, there are very different and conflicting opinions about what are the best practices).
I'd find it very helpful if somebody can recommend a resource, like some book, course or blog post that thoroughly explains the best practices and recommended strategies about authentication for APIs, websites and mobile apps in client/server and server/server communication.
I'd find it very helpful if somebody can recommend a resource, like some book, course or blog post that thoroughly explains the best practices and recommended strategies about authentication for APIs, websites and mobile apps in client/server and server/server communication.