Zend certified PHP/Magento developer

Authentication type for API to be used by partners | Magento 2

We are creating an API to sell our giftcodes to a partner in M2 enterprise edition. The partner will have functionalities like:

  • To have Store Credit
  • Can buy giftcodes
  • View buy history

We cannot use customer token or admin token to give access as this will cause security issue (if so, any customer can access that API).

One way is by creating an endpoint which will be overriding customer endpoint as partner will be availing similar services as customer.

But here question is which authentication would be used to allow access to partner to use API as he cannot use customer token or admin token.