You can issue your customers client credentials they can use to obtain M2M tokens against your APIs. You will then have control over what scopes those applications are able to use.
With that said, if you are planning on having a lot of customers, you could quickly run into entity limits and might want to explore other solutions.
We would be looking, at the most, a dozen untrusted M2M applications. Looks like that could put us over the limit for our current plan. Good to know now. Thanks!