Zero Trust for APIs: Securing Userless APIs with Multi-Factor Authentication