If you don’t want to distinguish between multiple users within the same vendor which seems to be the case as you mention that if opting for the user-based option you would create a (assuming single) user and that vendor will not access services that are user-specific.
In this situation I would recommend going with the creation of a non-interactive client application for each vendor. You can make use of client_metadata to maintain the association between vendor and respective client application.
Additionally, for client credentials grants there’s a built-in authorization grant management interface that would let you easily configure/view the allowed scopes through the Auth0 Dashboard itself. Alternatively, you could also automate this process through the Management API.