Hi,
I am also looking for a similar solution. Does Securing a backend API with Post User Registration - #5 by dan.woda not show two ways to accomplish this?
I guess the question you need to ask yourself: Is the auth being done as a the User or M2M?