Once option is, you could create application[1] and subscribe to the API[2] and generate oauth keys[3] . You could share these keys with the vendors so that they could generate access tokens and invoke the API. external parties won't have to login. You could check the official documentation to see what kind of additional features (security, throttling, etc) you could use to build a solution.
[1] https://apim.docs.wso2.com/en/4.3.0/consume/manage-application/create-application/ [2] https://apim.docs.wso2.com/en/4.3.0/consume/manage-subscription/subscribe-to-an-api/ [3] https://apim.docs.wso2.com/en/4.3.0/consume/manage-application/generate-keys/generate-api-keys/ [4] https://apim.docs.wso2.com/en/4.3.0/consume/consume-api-overview/