Construct API with Token Validation


I’m trying to create an API to access custom content types. So I have taken the approach of using Tailor/Twig, as explained in the most recent October CMS documentation.
My application will not need a front-end, because other web applications will fetch the content by using the API.
What I want to accomplish is:

  1. Define and create the interface for custom content types in the backend and prepare their respective API endpoints.
  2. Create the interface to generate and manage tokens for the backend users in the October CMS backend site.
  3. Add an authentication layer to the API, so that the token in the incoming request could be validated against those generated and activated for the authorized backend users.

By following the official documentation, and with some valuable help from the forum members, I have point 1 almost solved.

Some guidance or advice regarding points 2 and 3 would be greatly appreciated.

Best regards.
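
An added example for points 2 and 3, not part of the original post and not October CMS's own API: tokens are generated from the CSPRNG, only their SHA-256 hash is stored, and an incoming request is accepted only if its token hashes to an active record. The `ApiTokenStore` class, its in-memory array (standing in for a database table) and the use of an `Authorization: Bearer` header are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory store standing in for a database table of tokens
// (columns: token_hash, user_id, is_active). Not an October CMS class.
final class ApiTokenStore
{
    /** @var array<string, array{user_id:int, is_active:bool}> keyed by SHA-256 of the token */
    private array $rows = [];

    // Issue a token for a backend user: return the plaintext once, persist only its hash,
    // so a leaked table does not reveal usable tokens.
    public function issue(int $userId): string
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, 64 hex chars
        $this->rows[hash('sha256', $token)] = ['user_id' => $userId, 'is_active' => true];
        return $token;
    }

    // Deactivate every token of a user (what a backend management screen would call).
    public function revokeUser(int $userId): void
    {
        foreach ($this->rows as $hash => $row) {
            if ($row['user_id'] === $userId) {
                $this->rows[$hash]['is_active'] = false;
            }
        }
    }

    // Validate an Authorization header value; return the owning user id, or null to reject.
    public function authenticate(?string $authorizationHeader): ?int
    {
        if ($authorizationHeader === null
            || !preg_match('/^Bearer\s+([0-9a-f]{64})$/i', $authorizationHeader, $m)) {
            return null; // missing or malformed header
        }
        // Look up by hash: the secret itself is never compared byte by byte.
        $row = $this->rows[hash('sha256', strtolower($m[1]))] ?? null;
        return ($row !== null && $row['is_active']) ? $row['user_id'] : null;
    }
}

// Constructed sample run: valid token, unknown token, then the same token after revocation.
$store = new ApiTokenStore();
$token = $store->issue(7);
var_dump($store->authenticate("Bearer $token"));
var_dump($store->authenticate('Bearer ' . str_repeat('0', 64)));
$store->revokeUser(7);
var_dump($store->authenticate("Bearer $token"));
```

In a real deployment the `authenticate` check would run before each API endpoint handler and answer with HTTP 401 when it returns null.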