ClientID Config/ API

I had to create a simple API for a vendor to call.

I followed this guide.

However, I noticed that 1 of our other clientID/Secrets tokens will work against my new API and vice versa.

Is there a way for me to limit this new ClientID/Secret to only have access to my new API? I haven’t really done much with Okta so I have been googling my way through.

Do I need a second auth server with a non-default audience?

Hi, yes, you need a second auth server to prevent other clients from accessing this API.

You can create an API token with custom permissions, as mentioned in this article.

If you need to create a second auth server as mentioned by vk, then there might be an added cost for it.

Is there a good way in .NET to validate that the token is from my ClientID and decline the others?
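One way to do the check asked about above, as an added example that is not part of the original thread: an ASP.NET Core minimal API that validates issuer, audience and lifetime, then rejects any access token whose client ID is not on an allow list. It assumes the Okta authorization server puts the client ID in the `cid` claim of the access token; the issuer URL, audience, client ID and route are placeholders.

```csharp
// Added example. Requires the Microsoft.AspNetCore.Authentication.JwtBearer package (.NET 6+).
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Placeholders (assumptions): replace with the values for your org and auth server.
const string Issuer = "https://example.okta.com/oauth2/default";
const string Audience = "api://default";
var allowedClientIds = new HashSet<string>(StringComparer.Ordinal)
{
    "0oaPLACEHOLDERCLIENTID" // the vendor's ClientID
};

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = Issuer;        // signing keys come from the issuer's metadata
        options.MapInboundClaims = false;  // keep claim names exactly as issued
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = Issuer,
            ValidateAudience = true,
            ValidAudience = Audience,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(2)
        };
        options.Events = new JwtBearerEvents
        {
            // Runs only after signature, issuer, audience and lifetime checks pass.
            OnTokenValidated = ctx =>
            {
                var cid = ctx.Principal?.FindFirst("cid")?.Value;
                if (cid is null || !allowedClientIds.Contains(cid))
                    ctx.Fail("Token was not issued to an allowed client.");
                return Task.CompletedTask;
            }
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/vendor/ping", () => Results.Ok("pong")).RequireAuthorization();
app.Run();
```

This check lives in the API itself, so every API that shares the same authorization server and audience needs its own allow list; a separate authorization server with its own audience, as suggested earlier in the thread, enforces the separation at the token level instead.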