Currently, I need to publish some api to the third party APP. Their app need to use my API because it's involve some critical calculation.
Are all what I need to do is to give them a secret key and had a middleware to check that key against my the one reserve in my .env?
All user session and well, their app are handle by them not me. My web app only provide calculation for the payment gateway which is also handle by them.