What is the best way to go about making sure transactions are created by the actual end users creating them when calling API’s.
We use the Zoho invoice and estimate API’s which have accounts setup via the out of the box API’s within zapier and also we have custom API’s configured with OAUTH2, given that the OAUTH2 deals primarily with authorization and not user authentication every time we create an estimate or invoice via Zapier the created by user is stamped on the host application as the central account user that configured the connected account in Zapier.
Is there a way to set the users client credentials to be used with OAUTH2 so that when the API is physically called it recognises the transaction is being created by an actual user of the application or does this require a feature on the API side to handle this?