Right now, we have user authentication system working.
But we also need to authenticate 3rd party app as well.

We will create this app3party by ourselves and will give them API_ID:API_KEY.

When they authenticate, they need to set it on the header.
API-KEY-Authentication API_ID:API_KEY

On the API side, it needs to check this before allowing them to do anything else.