I have some API that should be accessible from a very long list of devices (some of them can reach my Oauth2 server and get some token, some of them cannot).
These devices are mobile phones (IOS, Android) and in the future could be any device that has an HTTP client.
But I need to secure my API from everyone.
I'm thinking about some header that calculates from some algorithm including hashing some parts of the request, for example.
But I also think that I'm reinventing the wheel and such a solution already exists.
Some sort of CAPTCHA maybe?
P.S.: Requests to such API will doing not users, but an application doing in the background.