I am planning to work on a REST-based API, and maybe host it on one of the cloud providers like AWS. I understand simply having an API key wouldn't be enough from a security perspective, as the key is passed in the header. I simply want to build a REST endpoint and don't plan to build a web front end for users to create an account, so I won't have a username/password or use login credentials to validate. Should I add this?
I hear about the OAuth standard, or token-based authentication. How does this work? If anyone can explain, that would be helpful.