We are creating an API to sell our giftcodes to a partner in M2 enterprise edition. The partner will have functionalities like:
- To have Store Credit
- Can buy giftcodes
- View buy history
We cannot use customer token or admin token to give access as this will cause security issue (if so, any customer can access that API).
One way is by creating an endpoint which will be overriding customer endpoint as partner will be availing similar services as customer.
But here question is which authentication would be used to allow access to partner to use API as he cannot use customer token or admin token.