Jim wants to limit who can use an API that his company gives and be able to log usage of the API uniquely to each organization that they provide access to. Which of the following solutions is MOST usually used to do this?

Application programming interface (API) keys are frequently used to meet this need. An API key can be issued to an individual or organization, and then the use of the API can be tracked to each API key. If the API key is compromised or abused, it can be revoked and a new API key can be issued. Firewall rules written to use public IP addresses can be fragile, since IP addresses may change or organizations may have a broad range of addresses that may be in use, making it hard to validate which systems or users are using the API. Credentials, including passwords, are not as frequently used as API keys.