API-Security-Checklist
Expand on the authentication suggestion
Don't use Basic Auth. Use standard authentication instead (e.g., JWT).
This is not very helpful. First of all, "Basic Auth" is "standard" in a way and broadly supported. I would recommend adding a bit more context:
Don't use Basic Auth as the end-user authentication measure. Use OpenID Connect or an OAuth 2.0 flow. For server-to-server integrations (M2M), Basic Auth might still work, but we recommend extending it with mTLS or a VPN.