Normal
Hi [USER=36373]@JayCustom[/USER] , I'm sorry for my bad English, I'm Brazilian and I was here reading your topic. Look, last week I was in the same situation as you to implement security even if it is minimal in the company's system in the API part of the system. I did it, I implemented JWT, where a Bearer token is passed in the header Authorization. I recommend reading the JWT on the JWT website, Google's first page. It is not at all complex, since the idea of JWT is for you to receive the Token and decode it, so you can verify the key delivered by it. Yes it works with a key that you must keep it very well, because only your server-side should contain it. Read about it, it's really cool, I implemented and liked it. Be well and I hope everything goes well!