Use application-level authorisation if you wish to control which applications can access your API, but not which end that is specific. This will be suitable should you want to use rate limiting, auditing, or billing functionality. Application-level authorisation is typically not ideal for APIs holding personal or data that are sensitive you really trust your consumers, for example. another government department.
We recommend using OAuth 2.0, the open authorisation framework (specifically because of the Client Credentials grant type). This service gives each registered application an OAuth2 Bearer Token, that could be used in order to make API requests in the application’s own behalf. […]