Through authentication, we get to know who is accessing our API; through authorization, we get to tell who can access what, within our API.
Through authentication, we get to know who is accessing our API; through authorization, we get to tell who can access what, within our API.