I am looking to do something similar. I still see lot of examples in the internet on how to secure APIs for websites with UI. In my usecase I am about to provide APIs for B2B so no user logins using UI. Third parties will call my API and they are requesting that I first authenticate using a Client ID and Secret Key, issue them an access token that is valid only for few minutes, and they would be sending the access token in they request back to me, and I would have to validate it and send proper response back.

Would anyone have any sample git repos or tutorial where this is done? Should I use JWT like how it is done for APIs behind UI based websites or is there any other way?

Thanks,