What is the best approach for login into external REST API, required for JIRA plugin using JIRA credentials or...?

What is the best approach for login into external REST API, required for JIRA plugin using JIRA credentials or…?

I think JIRA credentials could not be reused, am I right?

It looks like I only could check, if user logged, then call required API with hardcoded credentials for this API (not JIRA credentials).

But how it is better to differ one customer’s company’s JIRA from another?

With URI?