I would slightly recommend an Apex over a flexSecure for your first authentication/2FA implant. They both use the same chip and have the same capabilities, but the Apex is a little easier to manage. The Apex essentially has its own app store for JavaCard applets through a company and smartphone app called Fidesmo.
Almost all of the applets that are available for the Apex via Fidesmo have open-source flexSecure versions, but some of them (like the FIDO2 applet) require some additional configuration that isn’t needed if you install it on the Apex via Fidesmo.
Right now, the FIDO2 applet on the Apex has not been officially certified by Microsoft, but there are plans to do so in the future. Due to the way that certification works, the flexSecure will likely never be certified. Right now, certification only impacts a small number of services/websites. Most services (Google, AWS, Github, etc) will allow you to use a FIDO2 key that has not been certified, but Microsoft recently disabled the Apex and flexSecure from being used to authenticate into corporate Windows accounts via Microsoft Entra (it also affects Nvidia logins). If/when VivoKey gets the Apex certified, those uses should become available again, but that won’t ever happen on the flexSecure.
I wrote an authentication guide on setting up an Apex or flexSecure as a Yubikey alternative. Some of the information is out of date (things are a little easier now), but it should give you a good idea of what you can expect with each.
If you are on the fence, I 100% recommend buying a $20 flexSecure test card which will let you try out all of the authentication things before buying an implant. It also serves as a nice backup for when you get one installed.
My absolute favorite use of the Apex/flexSecure is still the ability to use it as a 2nd factor to encrypt/decrypt a KeePassXC password database. That pretty much gives you an unlimited amount of implant-secured encrypted storage, and there are apps available that will work on Windows, macOS, Linux, Android and iPhone. That usage works identically between the Apex and flexSecure.