API Security

Hey everyone,   We have an application with an API and thinking about security and were wondering about the best practices for security:   - A separate user role that has an account with login credentials for the API (service account). - A constant that acts as an API key that we can perform as a check before our microflows run that we can update regularly on our internal systems.   Any other better ways to handle this?   Keys, certs?   Any help or opinions on this would be great, thanks!
1 answers

Certificates are usually the way to go when securing you API’s. See this doc: https://docs.mendix.com/developerportal/deploy/certificates/