Securing API calls within the DPM library

How are API calls authenticated within the library?

A question has arisen during implementation of the module... how are we expected to secure API requests against the endpoints exposed for the module?

I think we considered authorisation by whatever internal mechanism the platform uses, however this call is made from within a library, so not clear how you are expecting that to be implemented. Can you confirm how the module expects authorisation to be passed in ?

There is also a related question for me: I would prefer us to use the same OIDC mechanism to secure these endpoints as other DFC endpoints, that allows consistency & the potential for cross-platform authorisation requests (we already have a use case for that). Can we do that? There's a potential issue in that not all platforms utilise OIDC for internal authentication, although I think most offer dual auth on API endpoints (e.g. OFN allows either OIDC token or API key).