In an N-Layered architecture, a REST interface is exposing some resources. Clients need to be authenticated with Basic Authentication over TLS. Business logic is making sure the data is valid and acceptable by the system. Filters are applied to make sure a tenant can only see and change his data.
If a service needs to manipulate the same data, would it be better to
1) have it use the same REST interface but apply service-level filters and use a technical account for authentication
or would it be preferable to
2) have the service account use the business (Domain) layer directly?`
What is your opinion or logic to use one over the other approach?