My company has a survey database, with a form on our website to collect anonymous survey responses. We now want to engage about 12 partner companies to collect anonymous responses on their websites and send the responses to us. We’ve built a REST API for the partner’s web app to post the responses to, and are trying to figure out the right OAuth2 security flow to use with these partners. There are just 2 parties in this flow – my company and the partner – no information or authorization of the survey responder is involved. But we do need to restrict the API to only these partners, and authorize them for the survey response endpoint.
I’m getting a little lost in the “Which OAuth 2.0 flow should I use?” article (https://auth0.com/docs/api-auth/which-oauth-flow-to-use). I think it’s pointing me to the Authorization Code grant, but that seems more suited to a 3-party scenario, e.g., if the survey responder needed to authorize the partner to submit a response to my API on the responder’s behalf. But that’s not my scenario.
Any guidance would be appreciated. And if this isn’t even appropriate for an OAuth flow, let me know.