I saw this post back in 2017,
which describes the flow of how the API key and secret are used, but then I also saw this post
Definitely the first link is more up to date, but I just wanna know if this approach is still the recommended approach if the goal is to provide some sort of credential for clients to use our API.
Is providing the API key/secret -> use such key and secret to call for token -> access API with token still the right approach? I’m not sure how jwt comes into play here honestly