Python REST API exposing data

Hi, I have done loads of data science, ML and DBA work, but my personal experience building APIs is limited.

I have Company A collaborating with Company B.

The collaboration includes sharing data.

I would like to develop an API for Company A that exposes the data that Company B needs.

The data travels over the internet, so I want the API to secure and restricted, so that it's only exposed to Company A and B.

We need firewall rules in place, so that Company B can talk to the API hosted at Company A.

But how do I handle authentication and security? Can I piggy back on something from FastAPI? Should I use "Simple OAuth2 with Password and Bearer"?