The different applications will be authenticating to your API, right?
You can use various methods (OAuth 2, static API keys etc) - and use API Gateway to authenticate it,
One way is to issue JWTs to each application and use a JWT Authorizer in API Gateway:
https://docs.serverless-stack.com/constructs/Api#adding-jwt-authorization
You can generate your own JWTs using a lib, or use a tool like cognito or auth0 to generate them, and check them in the authorizer.
Another way is to issue static api tokens to each application, and use a Lambda Authorizer to check it and look up which one called the API