I don't know if it's the best way because it depends on requirements, constraints and such but I would take a look at using an API Gateway as the auth layer.
The user requests an API, the gateway authenticates the requests, generates a token and opens the gates or blocks the request.
The type of auth flow depends a lot on what you want to accomplish but tools like Kong support different type of authentication methods (from basic auth to jwt to oauth2 to openid to others)
See also How can I add authentication to a microservice/API?
Another way might be to use an external authentication service, like Okta or Auth0
More than 500 posts published weekly.What are you missing out on?
We’re a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.