MAC (Message authentication code) could be the best authentication scheme for IoT.

Certificate are of course the best way to do authentication at all, in IoT also. Sometimes they can be too large to be delivered.

Look at the following paper for lightweight certification techniques for IoT systems.

Conference Paper Key Management Protocol with Implicit Certificates for IoT systems

SSL certificate is the best solution.

If you need to connect machine-to-machine (M2M) using API, I think a good way is the APIkey. Using the Message Queue Telemetry Transport (MQTT) can be very useful to use it for faster and reliable auth.

For more insight on the iot matter, you can take a look at

https://cloud.google.com/docs/tutorials#internet_of_things

Ciao.

dot1x (IEEE802.1X) is also picking up for IoT networks. As dot1x runs over EAP framework, different configurations (as simple as eap-mg5 to certificate based one slike EAP-TLS ) are possible and so a range of options.

AES is also good for IoT

ECC is the best solution nowadays

It depends on numerous parameters such as (1) the use case scenario's requirements, or (2) the used devices computation and energy capacity. You can read our paper which propose a lightweight authentication method that relies on a certificate like approach. But running on a blockchain in order to meet scalability requirement, since it is completely decentralized:

"Bubbles of Trust: a decentralized Blockchain-based authentication system for IoT"

Article Bubbles of Trust: a decentralized Blockchain-based authentic...

For the state of the art you can also see:

Article Internet of Things (IoT) Technologies for Smart Cities

May you can search some lightweight ARX ciphers for that. They are good for IoT devices. AES is heavy for many resource constrained IoT devices.

Try to read this interesting IoT authentication article, which depends only on hash and XOR.

Article Secure mutual authentication and automated access control fo...