ClientID Config/ API

I had to create a simple API for a vendor to call.

I followed this guide.

However, I noticed that one of our other ClientID/Secret tokens will work against my new API and vice versa.

Is there a way for me to limit this new ClientID/Secret to only have access to my new API? I haven’t really done much with Okta so I have been googling my way through.

Do I need a second auth server with a non-default audience?

Hi, yes, you need a second auth server to prevent other clients from accessing this API.

You can create an API token with custom permissions, as mentioned in this article.

If you need to create a second auth server as mentioned by vk, then there might be an added cost for it.

Is there a good way in .NET to validate that the token is from my ClientID and decline the others?
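One way to do the check asked about above in ASP.NET Core, as an added example that is not part of the original thread: validate the token against the authorization server, then require that its `cid` claim (where Okta access tokens carry the client ID) equals the vendor's client ID. The issuer, audience, client ID, policy name and route below are placeholders and assumptions, not values from this thread.

```csharp
// Program.cs (ASP.NET Core minimal API, .NET 6+).
// Requires the Microsoft.AspNetCore.Authentication.JwtBearer NuGet package.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Placeholders (assumptions): substitute your own org, auth server and client ID.
const string Issuer = "https://YOUR_OKTA_DOMAIN/oauth2/default";
const string Audience = "api://default";
const string VendorClientId = "VENDOR_CLIENT_ID_PLACEHOLDER";

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Signing keys are discovered from the issuer's metadata endpoint.
        options.Authority = Issuer;
        // Keep claim names exactly as issued (e.g. "cid"), no legacy remapping.
        options.MapInboundClaims = false;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = Issuer,
            ValidateAudience = true,
            ValidAudience = Audience,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(2)
        };
    });

builder.Services.AddAuthorization(options =>
{
    // Hypothetical policy name: only tokens minted for the vendor's client pass.
    options.AddPolicy("VendorOnly", policy =>
        policy.RequireAuthenticatedUser()
              .RequireClaim("cid", VendorClientId));
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// A token from any other client is validly signed but fails the policy: HTTP 403.
app.MapGet("/vendor/ping", () => Results.Ok(new { status = "ok" }))
   .RequireAuthorization("VendorOnly");

app.Run();
```

This check is enforced only inside this API: tokens from other clients remain valid for the same issuer and audience, so every endpoint that should be vendor-only needs the policy applied.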
