I am developing a B2B multi-tenant REST API which will be invoked by tenant’s (wallet provider) server application (secure or confidential client) on to perform some operations on its user’s accounts. User’s authentication information stays with tenant’s server & only tenant’s authentication/authorization is required at my end.
I am using Java and Spring for dev. Looking for best option to secure my APIs. I have looked into OAuth (1 & 2) but not sure if it fits well in my case.
