Which method is NOT commonly used for authenticating API consumers?

Session cookies are typically used to manage user sessions in web applications rather than as a method for authenticating API consumers. They are designed to store information about user interactions and may be used after initial user authentication has been completed. In the context of APIs, reliance on session cookies for authentication is less common, as APIs are often stateless and designed to be accessed programmatically, where other authentication methods are more suitable.

On the other hand, OAuth tokens, API keys, and Basic Authentication are standard methods for authenticating API consumers. OAuth tokens provide a secure way to authorize access without exposing user credentials. API keys offer a simple mechanism for identifying the calling program or user. Basic Authentication allows users to authenticate by sending a username and password with each API request. These methods align more closely with typical practices for securing API access, in contrast to using session cookies, which cater mainly to web-based user interactions.