Which user role should be used to allow external systems to invoke Appian web APIs?

The question is about allowing external systems to invoke Appian web APIs. A service account is the user role that should be used for this purpose, as it is a special type of basic user that can be configured to authenticate with web APIs using an API key. A service account can also be assigned to specific groups or roles to control the access to web APIs. The other options are not user roles, but rather groups or user types that are not suitable for this purpose. References:

Service Accounts

Web API Security