API authentication and Security Project

Hi everyone, For context, I'm working on a full-stack project that uses AI to detect network anomalies with fastAPI. It is only accessible internally, so there is no public-facing endpoint. I also only expect a small number of clients (1–15) to access it at any given time. My question is: what's the best way to approach this? I currently have an nginx reverse proxy that checks whether the SSL certificate is valid. Is this a standard way to handle