Passwordless application in tenant A needs to use API in tenant B

I have an existing tenant that accommodates a back-end API, a passwordless mobile app and username-password web app.

I want to create a new web app that will also have a passwordless authentication method. This new application is to serve a completely different class of users, but it is my intention that the new app will continue to use the same backend API and database (and resource-server abstraction via Auth0). (Even if we were to implement a backend-for-frontend pattern and introduce an additional API, the two APIs would still need machine-to-machine auth between two different tenants.)

What is the best way to architect and implement this solution?

Thank you in advance!