Depends on your scenario, but I use Basic Authentication right now. Note that in production it is recommended that this is always sent over HTTPS as it is sent in Base64 encoding which is easy to decrypt. Greater security would require JWT.