8.2 Authentication and Security for COUNTER_SUSHI API
The COUNTER_SUSHI API MUST be implemented using TLS (HTTPS).
The API MUST be secured using one or more of the following methods:
Combination of customer ID and requestor ID
IP address of the SUSHI client
API key assigned to the organization harvesting the usage
Non-standard techniques for authentication (techniques not specified in the COUNTER_SUSHI API specification) MUST NOT be used.
If IP address authentication is implemented, it MUST allow the same SUSHI client (a single IP address) to harvest usage for multiple customer accounts (e.g. hosted ERM services).