Mental models help us learn faster and more efficiently. The security field can be viewed from two different viewpoints. One is very high-level, dealing with abstract ideas. Let's call it macro. The other deals with the details of how the smaller parts interact. That's the micro.
End-to-end encryption means data is encrypted at the sender and only the final recipient can decrypt it. True end-to-end encryption has excellent privacy and security benefits. However, it also has a cost. As a developer, it is a great pattern to utilize to shield data from 3rd parties.
As a web developer, you have various choices regarding API authentication. This guide aims to provide you with a high-level overview of the six most used schemes. Inside, you will find a cheatsheet to help you choose.
TLS mutual authentication doubles down on HTTPS. Using this scheme, your clients prove their identity by presenting certificates and proving ownership of a private key. This is a very potent tool and also a tradeoff.
HTTP signature schemes provide integrity and authenticity on the application layer. Using them increases security but also incurs complexity.