rest, symfony, uri, api-design

Most correct way to have separate contexts with the same API endpoints


I don't know if the title is clear enough, but here is the whole picture:

I need to have the exact same API endpoints to access the data for two (and only two) different companies (which are part of a larger "parent" company). These should then return different results.

There are a few options to differentiate the calls made by the client:

  • Identify the company in the URI, e.g. /companyA/users and /companyB/users and so on;
  • Do the above but using a query string, e.g. /users?company=A;
  • Use a custom header (?)

Thoughts on these options (or any other ideas)?


Solution

  • I strongly suggest you use a query parameter. Custom headers are a bad idea because intermediate servers (proxies, caches, etc.) may or may not keep them in requests/responses. Embedding the company in the URL is extremely limiting. What happens in 6 months when the requirements change and you need to get users from multiple child companies at the same time? Add a new endpoint?

    Conceptually, the API is for the parent company, or it wouldn't have multiple child companies' data in it. You want to filter out the users of the parent company that happen to work at company A or company B. That's what a query parameter is designed for.
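
The query-parameter approach from the answer above, as an added example that is not part of the original question or answer: a framework-agnostic Python handler for `GET /users` that accepts one or several companies and checks the filter against what the caller is allowed to read. The names `KNOWN_COMPANIES`, `USERS`, `parse_company_filter` and `list_users`, the comma-list syntax, the default when the parameter is absent, and the idea that `caller_companies` comes from the authenticated session are all assumptions.

```python
from urllib.parse import parse_qs

# Assumption: the two child companies from the question, as fixed identifiers.
KNOWN_COMPANIES = frozenset({"A", "B"})

# Constructed sample data standing in for the parent company's user store.
USERS = [
    {"id": 1, "name": "alice", "company": "A"},
    {"id": 2, "name": "bob", "company": "B"},
    {"id": 3, "name": "carol", "company": "A"},
]


class BadRequest(ValueError):
    """Maps to HTTP 400: the filter itself is malformed."""


class Forbidden(PermissionError):
    """Maps to HTTP 403: the caller asked for a company it may not read."""


def parse_company_filter(query_string):
    """Return the set of companies named by ?company=..., or None if absent.

    Accepts repeated parameters (company=A&company=B) and comma lists
    (company=A,B), so one endpoint covers single- and multi-company reads.
    """
    raw = parse_qs(query_string, keep_blank_values=True).get("company")
    if raw is None:
        return None
    requested = {part.strip() for value in raw for part in value.split(",")}
    unknown = requested - KNOWN_COMPANIES
    if unknown:  # also rejects an empty value such as ?company=
        raise BadRequest(f"unknown company: {sorted(unknown)}")
    return requested


def list_users(query_string, caller_companies):
    """Handle GET /users. caller_companies comes from the authenticated
    session or token (assumption), never from the request parameters."""
    requested = parse_company_filter(query_string)
    if requested is None:
        requested = set(caller_companies)  # default: everything the caller may see
    if not requested <= set(caller_companies):
        raise Forbidden("company filter exceeds caller's access")
    return [u for u in USERS if u["company"] in requested]
```

Because the company is a client-supplied filter, the server treats it as a request to narrow results and not as proof of which company the caller belongs to.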