Organizations providing digital services most commonly secure their applications and APIs using OAuth 2.0 and OpenID Connect. One benefit of this approach is externalizing difficult security operations, such as user credential management, from applications.
Source: The New Stack